Everyone who works for a living expects to be safe at work. In fact, the OSHA General Duty Clause 29 U.S.C. §654, 5(a)1 states, “Employers are required to provide their employees with a place of employment that “is free from recognizable hazards that are causing or likely to cause death or serious harm to employees.”” Additionally, employees expect their personal information to be kept safe. Workplaces have sensitive information including social security numbers, birth dates and addresses.
Cybersecurity and document security is just as important as physical security in the workplace. To ensure the protection of all employees and the employer, each employer should have a security plan in place. That plan should include instructions for:
Setting secure passwords. Employees should not use 123456 or 'password' as these are easily guessed. A password should contain a combination of lower and uppercase letters, numbers and special characters. Employees should be required to change passwords every 60 to 90 days.
Unlocked mobile devices. Many employers provide mobile devices for their employees. They should also make sure that employees keep access to those devices locked with a password or fingerprint recognition.
Clutter. Sensitive documents should not be left on desks. It is too easy for someone, even another employee without security clearance, to take those documents. Once the documents are converted to electronic files or the time required to keep physical documents have passed, those documents should be shredded.
Shredding bins. These bins should be kept under lock and key. Documents that need to be shredded should not be left in bins that are in the open. Cleaning crews and anyone else with access to the office could easily go through these sensitive documents.
If you are not sure whether the security you have in place is enough, schedule a risk assessment to check your security. Ways to increase security for the office, employees and your clients include:
Key card access for exterior doors and interior doors that lead to secure filing areas or the server room.
Use closed circuit monitoring devices and intercoms at the perimeter of the property.
Give all employees and authorized contractors access control badges with recent photographs.
Keep documents locked in secure cabinets when they are not in use.
Keep shredding bins locked up.
Keep master keys and any extra keys locked up.
If the office area is open, arrange it so that you are able to easily see visitors that are not escorted. You should also be able to see the workspace of anyone who works with secure documents and information.
Additionally, if you have a front office and deal directly with customers, make sure the office and building is designed so that the customers do not have access to secure areas. A locked door should be between the front office and the rest of the office space. Depending on the type of business you run, you may also want to have metal detectors installed. Keep the receptionist's desk closer to the front door.
Law often dictates that you must save certain documents for a set amount of time. Those documents may contain personal information of employees or customers, including social security numbers. These documents should always be kept locked in a secure cabinet.
When you no longer need to keep those documents, contact Carolina Shred to help you dispose of them. We also shred media including old computer disk drives, USB sticks and other storage media and x-rays and other patient films. All of these documents and media could have information that an identity thief would love to have. Our cross-cut shredding process ensures that your sensitive material is destroyed.