Business Owners: Don’t Neglect Physical Document Security

By Raymond Rangel, Sales Manager at Data Storage Centers.

The security of sensitive documents is something that every business owner in any industry should take seriously. You must protect the information of your business and your clients. Business owners have been on the ball lately when it comes to cyber security, but the focus on digital document security has caused many business owners to relax their security of physical documents. The storage of physical documents is still commonplace and is subject to security breaches if you do not protect them properly. Implementing a good physical document security plan remains an essential part of running a successful and secure business. Here are some things you need to do 

Monitor access

Sensitive physical data must be kept in a secure room and only a few trusted employees should have access to that room. This means the record storage area stays closed to most of your staff. When you or an employee enters the room you must monitor who entered the room, when they were in the room, and what reason they needed access? Creating a system for who can or can’t enter your storage room creates a clear chain of command in your security process and tracks movement in the room that you can follow if documents go missing. You must monitor when someone enters your storage room or at least create a list of which employees you have granted access. The more people who enter a secure room the less secure it is.

Know what documents you are retaining

You must know and record what physical records are being stored. A business has a large number of sensitive ranging from financials to private medical insurance information.  You must properly label and monitor these documents separately. You should never store your records in a room and not organize them. Track what records you are keeping by recording them in a spreadsheet, document, or computer program to show what being records are being kept. Your tracking plan must state what documents are, who organized the documents, when it was recorded, and when documents must be destroyed. Properly tracking your documents means you know what physical documents you have and which ones you can safely dispose of.

Know record retention rules

State and federal governments have laws and regulations for what records must be saved and how long you need to save them. You must be aware of federal and state record retention requirements. For example, did you know that you should keep at least three years of tax records in case you are audited? HIPPA related documents are required to be retained for six years at least. Know the laws for document retention. Having a basic understanding of retention laws will inform you on if you need to retain certain documents and how long you have to retain them before you can securely destroy them. 

Securely destroy your documents

When it is finally time to dispose of recorded documents it is important that you do so in a secure way. 

Patty Caradonna owner of secure on-site document shredding company ProShred Arizona said you must do more than just throw sensitive documents in an office shredder.

“The reality is if you don’t take the storage and destruction of sensitive documents seriously than your business could be held liable,” Caradonna said. “It only takes one number or name on a piece of paper to put you and your team’s info at risk so you have to dispose of this information in the right way.”

It is important to remember that you are legally obligated to dispose of sensitive information in a secure way. The Fair and Accurate Credit Transaction Act (FACTA) requires businesses and individuals to take appropriate measures to dispose of sensitive information about consumers. Shredding, pulverizing, and burning documents are all considered reasonable measures, however the most secure method of shredding is on-site shredding so you can witness the shred by a certified company. 

Not disposing of documents properly can lead to your business being penalized. 

Caradonna recommends hiring a document shredding company to do this for you instead of disposing of it in-house.

“You really should have someone who is certified in secure destruction of documents instead of just doing it yourself,” Caradonna said. “Information that seems unimportant to you could be all someone needs to steal your information and cause a breach so you want to make sure you work with people who know how to securely dispose of documents.”

Keep your records in good condition

Record storage is also about record preservation. If you are keeping essential info, then you have to keep that information in good condition until you destroy it. The room you keep records in should be climate controlled, humidity-free, and free of dust and dirt. For extra document protection, you can use a media vault to store your most important documents. However, a well-ventilated and organized record space will do just fine for a majority of business owners. 

Physical record storage is still an essential part of any business’s security. Create a record security plan that monitors what records you have and who can get to them and you will successfully protect your customers and team’s sensitive information.

Raymond Rangel is the Sales Manager of Data Storage Centers in Phoenix, Arizona. Data Storage Centers are experts in the secure storage and organization of physical media and sensitive records for commercial enterprises.

Follow Brilliance Security Magazine on Twitter and LinkedIn to ensure you receive alerts for the most up-to-date security and cybersecurity news and information.