Watch Your Printers: Employees lack security awareness around sensitive documents

An overemphasis on cybersecurity may be putting some businesses at risk as employees lack physical security awareness and an understanding of sensitive document handling practices.  A new report finds nearly three in four companies (69 percent) that have experienced a data breach reported it involved the loss or theft of paper documents, or electronic devices containing sensitive information.

The report, titled Shred-it: The Security of Confidential Documents in the Workplace, was conducted by the Ponemon Institute and found 68 percent of businesses reported their organization has experienced at least one data breach in the past 12 months. Ponemon researchers surveyed 650 IT security and non-IT employees across all U.S. sectors.

The findings reveal security managers are failing to place a priority on the protection of physical assets, and have not put proper records disposal policies in place, according to researchers.

Employees, while often well-meaning, make mistakes in handling documents, and 65 percent of managers are concerned their employees or contractors have printed and left behind a document that could lead to a data breach. The research also finds 71 percent of managers have seen or picked up confidential documents left in the printer.

β€œIt does not take the stealth and sophistication of a cyber attacker to cause a data breach,” researchers wrote. β€œA careless employee leaving a sensitive document in a communal printing tray or a malicious insider intent on stealing information [contained] in documents that have not been properly destroyed can result in the loss or theft of critical information assets.”

Among some of the other highlights in the research:

-Only a third (33 percent) use physical security to prevent unauthorized access to document storage facilities.

-Nearly two in five (38 percent) use filing cabinets or locked desks to store these document.

-Less than a third (31 percent) enforce a clean desk policy 

-Half (50 percent) of managers say their organization does not take any of these steps.

To learn more about emerging trends, innovations, technologies and information critical to security from ISC News, sign up for our complimentary newsletter here.  

Article Written by Joan Goodchild | View all articles by Joan Goodchild