Intelligence Advisory
Paper Thin Security?
4
8
A recent study shows
6
15

71% of the study participants were aware of an incident where sensitive or confidential paper documents were lost or misplaced.

15

91% felt that paper documents often contain sensitive or confidential business information.
15

Only 14% of employees and contract workers know what type of information is sensitive or confidential.
15 63% felt strict policies for securing paper documents were in place.
15

Only 16% felt there were proper controls in place and enough
resources to secure paper documents.
2
Employees have access to files
4
8
Departments most at risk
6


1. Human Resources
2. Finance & Accounting
3. Information Technology
4. Sales
5. Marketing
2

Content Contributor:

Technolytics is a security research and intelligence provider and
Solutionary's partner.
Employee with confidential documents

Much of the media attention and our information security programs focus on the theft of electronic records, which has been significant, with very little attention being given to paper documents.

In 2006 there were an estimated 15.2 trillion printed pages worldwide. That number is expected to grow to more than 50 trillion pages in 2010.

Dumpster diving has given criminals access to sensitive organizational and personal information providing opportunities for wealth for well over a decade.

Over twenty years ago the country began talking about going paperless. The fact is, we are not anywhere close to that today.   Despite the fact that over 90 percent of documents are created electronically, the number of physical documents continues to grow!

A recent study focused on the timely topic of data breaches; it highlighted that 49 percent of respondents whose organizations have been affected by a data breach stated that one or more of the breaches involved the loss or theft of paper, not electronic documents. The study also reports that 53 percent of those surveyed felt that employees are putting the organization at risk via communal printers, data left on whiteboards in meeting rooms or at meetings held outside the office.

Approximately 46 percent of those surveyed went on to estimate that the financial impact of these acts is between $10 million to $30 million per year. The average cost of a physical/electronic data breach incident was $6.65 million in 2008. That was up from an average per-incident cost of $6.3 million in 2007.

While organizations should continue to invest in electronic information security, real risks still exist on the paper side.  Brian Martin of Spy-Ops, a global security company, said, “The chief information security officer (CISO) owns the protection of physical documents, as well as electronic - although most of them do not realize or accept that fact.” Creating a sound and legally compliant physical records retention policy that addresses and schedules proper destruction is the cornerstone of physical document security and a fundamental component of an enterprise security program.

Security professionals must acknowledge and address the growing threat of physical data security and give it the same attention as electronic records: assess, train, and control.

So one question remains—how exposed are you?


For more information on better securing your physical and electronic documents contact Solutionary today.

866.333.2133 | www.solutionary.com