Critical Records Security: How to Protect Physical and Electronic Files

Thursday, March 5, 2015 by under Access Control, Audit/Compliance, Monitoring

All businesses have important records or documents—whether financial, medical, customer-related or otherwise. However, events ranging from theft to natural disaster can compromise document security and negatively impact business operations.

Learn what preventative steps your business can take to properly secure physical and electronic files.

1. Keep Sensitive Physical Documents Locked

Critical records should be kept in a locked file cabinet or storage unit that can only be accessed by sanctioned individuals.

Install access control technology on cabinets to prevent unauthorized individuals from retrieving information, and create a log of who accessed documents and when. It works by providing employees unique codes they must input to gain entry to files.

Pro tip: Spring for a fire or disaster-proof housing container as physical documents are subject to the elements.

2. Back Up Files Electronically

If physical copies of critical records are stolen, missing or ruined, you can rest easy knowing the information isn’t lost if you have electronic back ups.

Back-up files can either be housed locally on your computer (offline) or on a cloud service, where files are available online with the right clearance.

Pro tip: If backing up files locally, make multiple copies, and store one or more hard drives in separate locations.

3. Keep Information Out of the Wrong Hands

Hackers and thieves may target documents to gain access to bank accounts or client/patient personal files. And the loss of sensitive documents can create financial and public relations havoc on your company.

Take the necessary steps to secure physical and electronic documents. All electronic back ups must be created on a secure platform. To evaluate vendors:

  • Ask about critical features like encryption methods and firewall security.
  • Check that security features meet industry standards, such as HIPAA for medical-related industries.
  • Ask if the vendor or a third-party maintains servers. In addition, ask what certifications the data center holds. Important certifications to look for include ISO (International Standards Compliance) and SSAE16 (Standard on Assurance Engagements).
  • Request to see a case study of a company in a similar industry.

For physical documents, limiting access—as suggested above—is your best line of defense to reduce risk.

Lastly, it doesn’t always take a hacker or thieve to misplace documents. Careless workflows and processes can also leave your company vulnerable. Consider when NHS sold computers with patient information still stored on them as a cautionary tale.

How do you secure critical documents? Share your thoughts in the comments below.

Image Source: Mark Crossfield via Flickr

 

Please read our commenting policy before posting comments.


comments powered by Disqus