Friday, 16 January 2015

Infosec: Waste Paper & Document management

Is your company invest heavily on Information Security? But still you find leaked critical information out of your database! Despite your investments and firewall, crackers play havoc on your business? Now, its time to think how you manage files and documents that are be disposed.

Welcome people, its time to manage your method of disposing waste paper that might contain potential information. A dedicated hacker(cracker) will not relent until he made it through your information security systems. The potential information about your infrastructure and security might end up in trash one day. Example, think about your customer database printout which were used for business analysis finds place in trash. Bravo! the attacker who sniffs for a breakthrough around your company might find this treasure. Unfortunately, you comprise your customer identity. The attacker would make good money out of the information from your trash at loss of your business.

The above illustration is just a tip of the iceberg. Think about copy of your security blueprints leading to server, hand written passwords, placement of security elements, contractors hired by you, employee details, etc in your trash. So don't neglect the safe disposal guideline to manage the waste. The best solution is to create a security policy for your company and educate all employees about the importance of waste management. Especially for the people who have hands on critical information. Any lapse will cost the company future.

Most effective way to prevent attack is to use a shredder. But not a normal shredder. Install a cross shredder so that the information on the papers shredded is unrecoverable. A dedicated attacker will not stop even after finding paper bits in the trash can. An hour or two  and a tape are enough to get the pieces of paper together. It might find crazy at first. But its always better to prepare for the worst. So install a cross shredder and make your company security policy strictly enforce  cross shredding all the papers, especially of the critical assets.

Even if you have contract with incinerating facilities, it is well advised to cross shred the documents and papers before loading it for transport. Trust no outsiders when it comes to information security. So make sure your security policy reflect this practice.

No comments:

Post a Comment