Those with mischief in mind have widening range of ways to access company’s valuable and vulnerable intellectual assets – and stories abound of businesses that have fallen victim to such attacks.
At the heart of an organisation’s risk management policy there needs to be sound security practices utilising the latest technology, both online and off-line, internal and external.
It all starts with identifying the risks, then implementing appropriate strategy and deploying technology to minimise those risks. good place to begin is with document management.
Shredding the evidence
Document shredders are still the first line of defence for preventing hard copies, CDs and floppy disks getting into the wrong hands. With the Privacy Act still uppermost in people’s minds, personal desk-side shredders are growing in popularity, and companies have been forced to tighten their in-house shredding policies.
Impact Klipbind general manager Carl Nielson divides shredders into two broad categories.
“One is straight-cut shredder that shreds paper into spaghetti noodle lengths between 1.9 and six millimetres. The other is cross-cut shredder that cuts the paper lengthwise and widthwise and therefore makes more secure shred,” he says. “A cross-cut shredder also creates more compact shred, producing around 75 percent less volume of shredded material.”
The amount of paper shredder can handle is important for buyers, although Nielson points out that most shredder manufacturers base throughput on 70gsm sheets, which are thinner than the 80gsm sheet traditionally found in New Zealand offices.
“So machine will shred around 25 percent less sheets than the specification, unless it specifically states 80gsm sheets,” he says.
“An entry-level shredder will shred three to five sheets of 80gsm paper at once, but by investing little more money, good shredder can handle double that amount.”
Make sure the shredder you buy can more than match the amount of shredding to be done now, and in the future. Has it got enough grunt and solid steel cutters to munch through the occasional paper clip or staple? Does it have safety cut-off switch, or reverse switch for extracting any jammed sheets?
And here’s tip from Nielson that should keep your shredder heads running sweetly for years.
“Most shredders, especially cross-cut models, should have the cutting head oiled regularly to prevent dust build-up, which reduces the cutting efficiency. Simply use sewing machine or 3-in-1 oil, grab couple of sheets of paper, squirt little oil across the width of each sheet and run them through the shredder.”
Off-site document destruction
While certain amount of document management and destruction can be handled internally, there comes time (and more importantly volume of documents) when the bulk of the work is best left to off-site service providers. While it can vary from company to company, generally the off-site industry uses mid-volume photocopier as the benchmark on when to make the switchover from internal management to external. If your company has reasonable size copier that’s getting fair amount of usage, you should seriously consider using an off-site service.
As always, when choosing service provider, make sure they comply with all appropriate local and international codes of practice. Companies involved in the destruction of documents and management records are required to be licensed, and security guards are required to be licensed under the Security Guards and Private Investigators Act 1974.
Such services not only provide totally secure process of destroying paper-based information and other items that could be confidential, sensitive, or useful to your competitors (including CDs, tapes, disks, and hard drives) – they also do so in an environmentally friendly manner. The shredded by-product is either recycled into usable products (yes that egg carton may once have contained important information), or incinerated in manner that befits our regulatory climate.
Other security services provided by outsourced partners can include off-site computer tape management, which can be done securely via the internet (and usually includes vital back-up disks), as well as the archiving and managing of documents and images (again this can be done electronically). By putting such processes in the capable hands of specialists, you are not only minimising the risk of security breaches, but also making life easier for junior staff who may struggle with the responsibility of deciding what should be destroyed, and what should be retained.
Pointing the finger
The “fear factor” of terrorism since 9/11 has highlighted the need for greater vigilance on who is gaining access to your buildings and systems.
In the access security field, proximity cards and smartcards have been around for some time. Now attention is switching to other forms of access control such as biometrics (iris, fingerprint, facial or palm recognition), or in the case of computer access, privacy back-up security systems such as PC Access. This software program is based around card-based transmitter and plug-in receiver. Move away from your desk for pre-determined time and the software automatically shuts the system down to any prying eyes with security screen saver. Walk back into range and the system is once again available without any time-consuming logging on or off.
However, biometrics is almost without question where the future lies for applications such as border control, financial transactions, access control, and wherever privacy concerns are highest.
It’s not all pie-in-the-sky, science fiction technology. Michael Thom, whose company Mindex markets the fingerprint-driven BioMouse, points out that the biometrics security industry already turns over US$700 million and is set to balloon to US$2 billion by 2008.
“Sensors have come down both in size and price, which has spawned whole new area of development,” says Thom. “Get ready for raft of new cheap, reliable, accurate, and fast products in the accessories market.”
Fingerprint verification is considered to be the most commercially viable biometric authentication technology, because of its speed, accuracy and cost effectiveness. The world’s major manufacturers are already rolling out solutions – USB storage drives and web cameras now offer fingerprint authentication; PDA makers Compaq and Palm have developed fingerprint recognition, as has Sony with its smartphones – and this, says Thom, is just the tip of the biometric iceberg.
“A Canadian bank is also trialling fingerprint recognition for its online banking customers which many would say is the ultimate way of people proving that they are who they say they are.”
So why bother with biometrics? According to Thom, securing data is the primary driver.
“Seventy percent of data theft is via internal security breaches and biometrics can play vital role in stemming the tide.”
The digitalisation of CCTV
Closed circuit television (CCTV) is quickly becoming standard equipment in the arsenal to combat security breaches and theft.
The most significant advance in this field in recent times has been the arrival of the Digital Video Recorder (DVR) which makes the storage and retrieval of images much easier than old analogue systems. Up to month’s worth of video images from one camera can be stored on 40Gb hard drive – with instant retrieval as easy as punching in the required time and date. Image viewing over LAN or JetStream connection is three to four frames per second – enough to capture any suspicious activity.
“Research tells us that approximately 20 percent of staff are stealing from their employer,” says Dennis O’Brien, sales manager for Advanced Camera Technologies. “But the problem is that some 80 percent of managers don’t believe it! The ease of use with the DVR technology means that more people are likely to spend few minutes on regular basis re