Andrew Ford, vice president marketing and communications, Pitney Bowes, explains what companies must do to keep data safe
The financial impact of a data security breach on a business is skyrocketing. For a large business in 2015 it is estimated to cost a minimum of £1.46m, up from £600,000 in 2014. For small businesses, it is estimated that it will cost up to £311,000 in 2015, almost three times that of the estimate of £115,000 in 2014.
External and internal threats to a business are increasingly common, and yet small businesses in particular are still falling short of the necessary safeguards when it comes to protecting client data. More than 85 percent of small businesses are not providing the baseline level of data privacy protection for the transactional communications they send, such as cheques, statements and patient records. These kinds of documents contain sensitive, personal information, and clients have placed their trust in these organisations, so businesses have a moral obligation to protect them. Businesses must also comply with stringent regulatory obligations, and the stakes are high if regulations are not adhered to.
The UK’s Driver and Vehicle Licensing Agency (DVLA) is just one organisation found to have breached data protection rules when sending out confidential documents to the wrong motorists. It mailed 1,215 questionnaires which included such personal details as dates of birth and motoring offences, but around 100 were sent to incorrect addresses.
With businesses currently spending £42bn protecting themselves against data theft – a figure forecast to almost double to £78bn by 2017 – and data breaches snowballing, organisations must take steps to protect their transactional data, digital or physical, and apply the high levels of privacy that it demands.
Culture Club: foster a culture of transparency
Businesses are liable to an average of four staff data breaches each year. Morrisons’ supermarket recently hit the headlines in the UK, with an employee accused of stealing 100,000 personal accounts from the staff payroll database. For small businesses with high volumes of transactional mail, such a breach could be devastating. Preventing this by creating a culture of transparency, openness and accountability isn’t going to happen overnight, but investment and time spent on employee engagement is very wise.
Education’s what you need: educate staff and brief the senior management team
Security awareness training and education is key: a simple video, even just filmed on a smartphone, of an employee sharing tips on selecting robust passwords – picking phrases not words, adding characters and numbers – can make a real difference in safeguarding information. And don’t forget to brief the senior management team on the impact of a breach, and what you’re doing to address this.
Easy does it: roll out usable technology to secure data
Businesses need to make it easy for staff to protect the data they generate and manage, with the right tools and technology. Robust firewalls, encryption techniques, password protection, VPNs and cloud storage are now standard practice for businesses of all sizes. Consider mobility: although it may not be top of your agenda now, there will come a time when your staff want to work flexibly. Make sure your client data is protected however staff are accessing it.
100 percent Integrity Guaranteed: consider Document Integrity to protect physical documents
Data in both digital and physical form needs to be managed, maintained and protected. Data held in paper-based form is just as high a security risk: in fact, almost a quarter of security breaches relate to paper-based documents. Businesses can build safeguards into the earliest stages of a document’s creation by rolling out watertight Document Integrity processes and systems. The objective of Document Integrity is to ensure the document creation and change processes generate sound, correct and valid documents – so from document creation through to print output and mail, every stage is specifically designed to protect data and achieve compliance. It enables businesses to provide evidence that appropriate best practices, processes and controls are in place.
Ground control: implement inserter control systems to protect physical mailings
When it comes to mailing physical documentation, inserter control systems are at the heart of providing document integrity. Traditional inserter control systems use Direct Scanning of each insert and technology such as Optical Mark Recognition and barcodes. Now, File Based Processing, previously used almost exclusively in high-volume production environments, has become more accessible for smaller businesses thanks to advances in technology. With File Based Processing, a mail run data file (MRDF) containing all records and instructions for a given job is first sent to the inserter PC. As the inserter reads a barcode, it matches that code to a record in the file. This verifies the accuracy of every page as it is processed. The MRDF contains all instructions, so the inserter knows precisely what to do with each page. Finally, every page in the end-to-end process is tracked, providing a complete audit trail for the mailing.
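The matching step described above, sketched as an added example (not Pitney Bowes code): scanned barcodes are reconciled against a mail run data file, and any piece with an unknown, duplicate, mixed or missing page is diverted instead of mailed. The record layout, barcode values and status names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed mail run data file: one record per expected page.
# Field names are hypothetical, not a real MRDF layout.
MRDF = [
    {"barcode": "A0001P1", "piece": "A0001", "page": 1, "pages": 2},
    {"barcode": "A0001P2", "piece": "A0001", "page": 2, "pages": 2},
    {"barcode": "A0002P1", "piece": "A0002", "page": 1, "pages": 1},
    {"barcode": "A0003P1", "piece": "A0003", "page": 1, "pages": 2},
    {"barcode": "A0003P2", "piece": "A0003", "page": 2, "pages": 2},
]
# Constructed scan stream: a stray sheet and a double feed hit piece A0003.
SCANS = ["A0001P1", "A0001P2", "A0002P1", "A0003P1", "X9999P1", "A0003P1"]

def reconcile(mrdf, scans):
    """Return (audit, pieces): one audit entry per scan, one verdict per piece."""
    records = {r["barcode"]: r for r in mrdf}
    seen, bad = set(), set()        # barcodes already read; pieces to divert
    got = defaultdict(set)          # piece -> page numbers read so far
    audit, open_piece = [], None    # open_piece: set currently being collated
    for code in scans:
        rec = records.get(code)
        if rec is None:
            status = "UNKNOWN"      # sheet is not part of this job
            if open_piece:
                bad.add(open_piece)
        elif code in seen:
            status = "DUPLICATE"    # same page fed twice
            bad.add(rec["piece"])
        else:
            seen.add(code)
            piece, status = rec["piece"], "OK"
            if open_piece and piece != open_piece:
                status = "MIXED"    # another recipient's page arrived mid-set
                bad.update({piece, open_piece})
            got[piece].add(rec["page"])
            open_piece = None if len(got[piece]) == rec["pages"] else piece
        audit.append((code, status))
    pieces = {}
    for r in mrdf:
        p = r["piece"]
        ok = len(got[p]) == r["pages"] and p not in bad
        pieces[p] = "RELEASE" if ok else "DIVERT"
    return audit, pieces
```

The audit list is the per-page trail; the piece verdicts are what stops a wrongly collated envelope from leaving the building.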
Under lock and key: protect a document throughout its lifecycle
Consider the lifecycle of a document from creation to printing, to transporting home for proofing, to filing on the desk in the office. Secure printing requires users to use a swipe card to print physical documents. Consider files with pockets, if staff must take physical documents home. You can also introduce a clear desk policy, and encourage staff to lock away documents and laptops overnight. With historical documents, rather than filing older physical documentation on-site, businesses now have a diversity of cost-effective options for document archiving, which ensure clients’ historical transactional documents are housed in a far safer environment than in a filing cabinet in the office. There are bank safety boxes, and off-premise archiving, and for those with high volumes of historical documentation, an access-restricted document viewing room is worth considering.
Combining high-performance technology with best practices and employee education creates a robust protective environment for client data, whether physical or digital. Get this right, and your business will have a secure platform on which you can grow your business, generate client trust and foster employee engagement.