Secure Your Important Documents

Posted by Ray Barry

You may think that keeping important documents in a lock filing cabinet is enough security, but with today's technology, electronically storing documents is much safer. You can assign levels of confidentiality and assign employees levels of confidentiality for access. Furthermore, when it's time to purge files, you don't have to worry about choosing a shredding company that you trust. A side benefit is that you have extra space that is no longer taken up by filing cabinets.

Secure Your Important Documents

When you set up an electronic document repository, put a security plan in place. The plan should allow you to administer the repository and add and delete employees easily. Some considerations include:

  • Storing documents with same types of confidentiality like classification folders;

  • Assigning employees different classification levels for access or denied access to certain classified documents;

  • Using inheritance to apply security settings over groups of documents, rather than assigning each document its own security classification; and

  • Auto filing documents to reduce the risk of misfiling.

When you arrange your document filing according to confidentiality classification, you'll find it easier to manage document security.

Mobile Access

Should you and your employees have access to documents on mobile devices such as smart phones, tablets and laptop computers, disable the automatic log in function. This will for anyone with access to the mobile device to log in each and every time. While that could be inconvenient, especially for someone who accesses documents frequently, it increases security if someone loses a mobile device or if the device gets stolen.

Risky Practices

Eliminate risky practices such as allowing downloading and temporarily storing documents in clear text on generic USB devices, moving confidential documents to Dropbox and downloading documents to a public drive. Make sure any document sharing capabilities are defined in your office's security plan, and that those capabilities are truly secure.

Also, ensure that employees know where they can securely send documents within the organization. For example, a partner should not be sending confidential documents to a receptionist or other office worker if that person or his or her area of office does not have the proper security clearances.

Information Classification

When you create a classification system for documents, be sure that all employees understand the classification system and that all documents are tagged appropriately. Since many people do not read policy manuals, publish the information classification system in a separate manual.

The classification system should also be implemented in the technical infrastructure so that it's easy to find and understand. Keep the classification system simple. If it's too complex, employees are less likely to follow it.

Document Disposal

When you have physical documents, they must be shredded to prevent identity theft. Once shredded, the documents should be burned so that there is no chance of them being recreated. Once documents leave the shredder, they make their way to a dump where bags of your shredded classified documents may sit in an unlocked area, just waiting for someone to comb through them.

When you have electronic documents, hardware – hard drives, flash drives and other digital storage devices – tend to break over time.  Learn more about hard drive destruction from Carolina Shred. Or, you may want to upgrade to a larger hard drive. Once you copy your confidential documents to the new hardware, you will need to dispose of the old hardware.

Keep in mind that even though you deleted the information off the old hardware, it's not really gone. With the proper knowledge and software, anyone could find those deleted documents since they are not really deleted. The safest way to ensure that no data can be recovered is to destroy the hardware so that it can no longer be used. One good whack with a hammer isn't enough. The actual disc must be destroyed, along with the case and electronics on the hard drive. Your data is safe only when you completely destroy the hardware so that it cannot be put back together.