July 12, 2018

What Every HR Employee Needs to Know About Physical Data Security

Human Resource (HR) employees, play a crucial role in an organisation. Besides taking care of the necessary administrative tasks like processing payroll or recruiting and onboarding new colleagues, HR employees play an essential role in developing an organisation’s strategy with regards to employee-centered activities and processes.

Handling most of the organisation’s internal processes and procedures relating to staff makes HR employees a gold mine of personal data, including information held in physical format such as paper documents. This data can range from NRIC numbers, residential addresses, personal email addresses to mobile numbers. This makes HR employees a prime target for data theft. Here is what every HR employee should know about protecting physical data:

Storage of physical data

Physical data is often overlooked when it comes to information security as most organisations tend to focus on digital security measures. However, ‘getting into’ network systems is not the only way that sensitive information can be obtained or used against an organisation. HR employees need to be diligent and store physical data correctly and securely. If documents are not properly stored, confidential information could be accessed by unauthorised persons (contractors, janitors, other staff, etc.). Furthermore any unused confidential documents must be disposed of properly with security in mind.

Disposal of physical data

All the firewalls, cryptography and other digital security measures are meaningless if the same information leaks through physical means, for example through improper disposal of data.

A reporter from Yahoo News Singapore has written about the wealth of confidential information available in carelessly disposed paper documents. She observed the operations of several recycling companies and managed to retrieve discarded income tax statements, photocopies of passports, driving licenses, work permits, and payment vouchers from a financial institution, along with many other documents.

Such sensitive information can be easily mined from paper trash with dire consequences, ranging from illegal access to bank accounts to harassment from loan sharks. And this is not only a concern for individuals; organisations are just as vulnerable to the consequences of physical data breaches. For example, a person could get hold of an organisation’s official invoice and pull off a fake invoice scam. Organisations who improperly dispose of sensitive personal documents or disseminate privileged information can also be charged for breaching the Personal Data Protection Act (PDPA).

The consequences of a physical data breach can be just as severe as a cyber data breach and are often more difficult to trace. The easiest and safest way to reduce the risk of a physical data breach is to adopt and educate employees on information security policies such as a Shred-it All Policy and a Clean Desk Policy. This not only ensures the secure disposal of sensitive hardcopy documents, but also reduces the risk of an information leak during the transport of paper trash.

Start Protecting Your Business

To learn more about how Shred-it can protect your documents and hard drives, please contact us to get a free quote and security risk assessment.