We’ve all heard about the recent cyber data breaches at large corporations and the implications that follow. Target saw a significant decline in traffic and paid out a settlement of $10 million after 40 million credit card numbers were stolen.
Hacking, phishing and malware have become all too common in this day and age but did you know that paper data breaches still account for a significant amount of total data breaches? A study of more than 1,500 data breaches in 2013 and 2014 by a unit of Beazley P.L.C. reveals that the two most common sources of breaches are unintended disclosure and the physical loss of paper records. The loss of paper records accounted for 24% of the total.
The most common causes of paper data breaches are:
- Misdirected faxes
- Misdirected mailings
- Employees leaving office with sensitive documents
- Improper disposal
In one case, a woman in Florida saw sheets of paper flying out of the back of a trash truck along a busy highway. Official documents containing sensitive information like Social Security numbers began littering the side of the highway. Turns out this was the result of an office building closing and all their files, including employee and client records were simply tossed into a dumpster. More than likely no one was lurking along the highway hoping to find sensitive data, but “dumpster diving” for personal data is still a viable threat in identity theft and it’s important that any sensitive documents are shredded before being discarded.
In this case improper document disposal was the cause of compromise. This can be solved by putting in place a standard operating procedure for the chain of custody for every document.
Here are some other ways you can be prepared to avoid data compromise:
- Preventative security capabilities
- Threat information gathering
- Personnel awareness and training
- Proactive security assessments focusing on identifying the location of critical assets and data and implementing reasonable safeguards and detection capabilities around them.
- Developing, updating, and practicing incident response plans.
Schedule your free Data Vulnerability Assessment with us today.