Why it is time to take your information management seriously
BY CHRISTIAN TOON
The way you handle your information could represent a ticking time bomb for your business. If you routinely store your paper documents on office premises, you may be wasting thousands of pounds that could be better invested elsewhere in the business.
Many companies fail to recognise the full cost of storing paper and digital records in-house, including the loss of valuable office space and the manpower costs of stacking, retrieving and managing the information inventory.
What would you do if your office was broken into, or damaged by flood or fire? How would your business cope if your computer server and email went down, or someone lost a USB stick with sensitive details about your customers on it? The risk of a serious information breach or the loss of confidential information could damage your company’s ability to function, undermine the reputation of your brand and leave your customers vulnerable to identity theft.
The highest risk
Large, multi-national enterprises are quick to understand and act on the need to manage their often complex and sophisticated information requirements professionally and securely. The highest risk category is the growing, small to medium-sized businesses, for whom changing information needs can quickly overtake existing in-house processes and expertise. There are a number of steps that businesses of all sizes can take to protect their information.
Know where your information is
Understand exactly what information you have, how much of it exists and then categorise the types of information in use. Finally, ensure you can track information from its creation to its eventual deletion; recording where it is at any moment in time, with whom it is shared, and who is accountable for it.
Train and communicate procedures clearly
Be certain that employees handling information have received appropriate training and have a clear understanding of your company’s security requirements. This should be backed up by clearly communicated procedures for information handling and storage.
Back up and encrypt
Regularly back up and encrypt all information. This also applies to information taken offsite, for example by employees working from home. The storage, archiving, management and retrieval of information should be secure; an approach that leaves boxes piled up in cupboards or under stairs does not meet these criteria.
Know the cost
Assuming your company manages its physical (documents) and digital (for example, emails) records in-house, identify how much this is costing. When you take into account requirements for physical space, the amount of staff time devoted to storage, management and retrieval, not to mention the cost of training your staff to handle information appropriately, the chances are that the total expenditure is significant and could be saved and re-invested elsewhere in the business. Online calculators, such as this one, allow businesses to identify and compare the cost of storing information onsite with the cost of outsourcing it.
Prepare for the unexpected
Ideally, information should be stored securely offsite where it is not vulnerable to accidental breaches or unforeseen incidents such as fire, flood or theft. If kept on-site, you should regularly review physical security arrangements – something that can be particularly challenging in the absence of security or information management resources.
Shred and dispose
It is vital that once customer information is no longer required, it is irretrievably disposed of. The secure particle shredding of documents and discs is the best practice option and should become the standard across the business. This allows you to destroy information relevant to your business and security rating.
While this list is far from exhaustive, it demonstrates that information protection is a serious issue that requires serious commitment. For growing businesses, dedicating appropriate resources to implement best practice can appear a major distraction from the core business. For many, it may well be worth approaching a trusted third party to store, manage and destroy information in ways that help ensure compliance with increasingly complex and stringent legislation and to get ahead of the competition.
No business wants to fail, and certainly not as a result of something as avoidable as a information breach. Information is one of the greatest assets of any business – it pays to keep it safe.
Christian Toon leads Information Risk Strategy at Iron Mountain