How Information Security Protects Your Brand & Your Business Reputation
Identity theft has been a critical issue for over a decade and it’s become worse in recent years. 2017 was the worst year yet with almost $17 billion stolen and 1.3 million more names added to the victim list, according to a study by Javelin Strategy & Research.
As a consumer, facts like these are alarming but they should be a warning to businesses too. If you haven’t been doing all you can to protect sensitive information, you’d better start now.
Information security keeps your client’s data and financials intact, and it also protects your employees and overall business.
Protect Your Brand
Branding doesn’t happen overnight. It takes years of hard work and strategy to build a solid brand and strong business reputation.
Shielding your brand from tarnish is vital at a time like this when business is so competitive.
How consumers view your business and the feeling they get from hearing the brand name makes a difference in whether or not you’re being successful.
Measures you’re taking to ensure the safety of privileged client information is a reflection of how much you value your clients.
A Ponemon Institute study determined that a data breach will cause the value of a company’s brand and reputation to decline anywhere between 17 and 31 percent. The decline varies depending on the type of breach, but compromised customer data ranked highest in causes of brand and reputation decline.
The study also concluded that brand and reputation damage has a connection to the overall financial loss sustained from companies experiencing a data breach.
Though many are shifting toward paperless systems, so are thieves who shift strategies along with their victims.
There’s no escaping the responsibility of keeping client information safe. In fact, as identity theft rises so do regulation to get it under control.
How GDPR Compliance Impacts Your Business
In an effort to take control of the climbing number of identity theft incidents, General Data Protection Regulation (GDPR) has taken the place of the Data Protection Act.
By the 25th of May, 2018 companies will need to comply with their regulations on data storage and protection. The guidelines involve making adjustments to their current technology and security procedures.
The GDPR is currently only a European practice, but anyone who has EU clients and handles their confidential information are required to make the changes.
Even if you don’t conduct EU transactions or deal with their clients, it’s worth it to review General Data Protection Regulation policies and see where your business stands.
The first quarter of the year is coming to a close, so now is a good time to update company security policies.
Here’s a summary of the main changes with GDPR:
Non-compliance fines of the greater between 4% of annual global turnover and $4 million
Consent forms must be easily accessible and clear to understand
Required to notify clients and controllers within 72 hours of a data breach
Customers have the right to know if a company is processing their data
Must provide a complimentary copy of customer’s data at their request
Must destroy/delete customer information and stop processing if they request
Only allowed to store data the company needs to conduct business
Access to data limited to only employees who need to conduct business
Eliminates requirement to report notifications to every local DPA
Using standards from the GDPR is a step in the right direction for adequate information security.
How to Secure Sensitive Information
Have a system to maintain and monitor company information
Each member of the company should be on the same page with securing information. Like the company’s culture, you need uniform understanding of how to protect information.
Step 1: Start by knowing the law.
Many industries require paper documents, but they’ll need disposal after a period of time. Different documents have different guidelines for how long a company must keep record of them.
Businesses must keep tax documents on file for 3-5 years depending on the type and purpose of the document, according to the IRS.
Other documents like applications for employment, financial records, and legal matters have other time restraints.
Work with your attorney to understand what documents your company has and how long you’re required to keep them. You also need to understand the law as to what methods they require and allow to store documents safely.
Step 2: Next, train employees on how to secure sensitive digital and hard information.
Employees at most levels will have some access to confidential data. Teach them the importance of locking computers, not visiting unauthorized websites, and even telephone safety.
Staff also needs to be clear on what information the law and the company considers sensitive and/or confidential.
Consider having tiered levels to limit information access to certain information. You can do this based on who needs the information to perform their roles within the company. If there’s no need for everyone to view old stored files, control who can get to those records.
Step 3: Implement a schedule for when documents have expired and are ready for discard.
For paper documents you have stored, make sure there’s a label attached with an expiration date.
Put everything in writing
Add decisions about your company’s information security to your policies and procedures. Review and update your company information security policies regularly. As regulations or technology changes, you should also update your company policies.
Dispose of documents properly
Discarding documents containing confidential information is one of your best options in the fight against identity theft. It can put a stop to a chain of events that could cause you to lose valuable clients, employees, and even your business.
Never recycle sensitive information. Whether it’s paperwork or a hard drive of documents, you’re risking exposure by simply putting it in a recycling bin. Even deleting old information doesn’t wipe a hard drive clean.
Burning documents isn’t an option (most counties prohibit it), and it may not do much good as an effort to get rid of information on a hard drive.
There’s machinery designed specifically for hard drive destruction, and that’s how you can make sure your information gets disposed of safely and efficiently.
Paper shredding and even shredding your hard drive will destroy sensitive data you no longer need. That keeps it out of the hands of competitors and thieves.
Don’t rely on staff to shred documents. Stick to professionals.
Though you should take time to stress the importance of securing sensitive data, you shouldn’t assign staff to dispose of documents. Most likely, they already have a role that helps the business function.
It’s also leaving important documents vulnerable to individuals who haven’t been trained and certified in information destruction.
Outsourcing your shred duties to a reliable, well-qualified company helps you keep business running without interruption while keeping everyone’s information safe. That’s the most important reason, but there are other benefits of using a professional shred company:
Reduces your liability
Cost and time savings
Certificate of Destruction
Protect Your Brand With PROSHRED®
PROSHRED® is an ISO 9001 and NAID AAA certified company that’s been in the business of document destruction for over 30 years. We know the importance of keeping confidential information out of the wrong hands.