When it comes to data security, it is essential that both the storage and recording of said data are fully compliant with current laws. Whether it be personal details, company accounts, marketing plans or health and safety documentation, you want to make sure it doesn’t fall into the wrong hands, compromise company and personal security, or get damaged.
In today’s tech-focused world, much of our information is stored digitally. With cloud services allowing us to store items off-site safely, we may feel that out of sight means out of reach and out of risk, but that is not quite the case.
Not all information is stored digitally, and plenty of data is still kept in record books, files and more. We may have what we believe to be robust safety measures in place to keep this type of information safe, but often we don’t. Insufficient storage solutions then leave confidential or sensitive information free for the wrong hands to access.
We’ve compiled a list of best practices for the storing of both your physical and digital records so you can avoid or reduce the potential for data theft.
Best practices for storing and archiving physical records
When you have lots of paperwork and physical items that require storing, keeping them in the workplace can prove to be not only a security risk but also a safety one. That is why many businesses look to off-site archiving and storage. Such storage not only helps reduce the number of items in the workplace, but also keeps them safe from the risk of theft or being compromised. For some businesses that may not be a possibility, though, so more robust measures may need to be taken on site. Here are our top five best practices for storing and archiving your physical records.
1. Organised filing systems
There can be an awful lot of paperwork within any business. From tax details to employee information and from business transactions to insurance documents, it can soon mount up. You need to know where it is, and whether it is stored correctly. The UK GDPR/Data Protection Act has very specific rules on how personal data is handled. It states that everyone responsible for using personal data must ensure that information is:
• Not kept for longer than necessary
• Handled in a way that ensures appropriate security, including protection against unlawful or unauthorized processing, access, loss, destruction or damage.
It would be advisable to implement a clear and consistent filing system, perhaps using colour-coded folders and labels to categorise documents. This enables easier access when needed and will also help you know which items should be stored in particular ways. For example, current rules state that your employee records must be stored in a secure area. Coding these all blue, for example, means that they won’t get mixed in with daily checklists that are coded yellow and don’t necessarily need to be stored securely. This reduces the risk of “cross-contamination” of your records.
2. Environmental controls
Some types of physical documents are more prone to damage than others. Should they be sensitive in nature, you ideally don’t want them sensitive to the elements. To be safe, anywhere that valuable information is kept should be temperature regulated, ideally at 65-70°F with humidity of no less than 30% but no more than 50%. This will ensure moisture, heat or light damage are prevented, preserving your documents for lengthy periods.
3. Security measures
It may sound obvious to store your information in lockable cabinets but sometimes that isn’t enough. Many documents are one-offs and may not have a digital backup. Therefore, ensuring their protection is vital. Opt for fireproof and waterproof cabinets so that should there be an incident, the sensitive information can remain safe. You should also look at keeping these secure cabinets in a secure storage room with restricted access. That way, only those with authorization have the opportunity to get to the records and data. For added security where there are highly sensitive records requiring storage, consider the use of a safe.
4. Schedule audits and purge
At times, some data passes its need to be kept and can be removed from your storage. The timelines for this vary depending on the kind of data being kept. For example, credit card receipts must be kept for six years by a UK business, after which they can be destroyed. Schedule regular checks of your stored information to ensure it is current and relevant. If it is no longer required, it can be shredded, which you can choose to do yourself or via a professional document shredding company.
5. Hire an archiving and storage specialist
If you have an abundance of records requiring storage and a lack of space to securely keep them, it may be advisable to look at a secure storage facility off-site. Places such as these are actively monitored by CCTV, have robust security measures both inside and outside the premises, and ensure that all physical document storage is compliant with the law. Furthermore, access is limited to only those who require it rather than being open to any level of your staff, and temperature control is strictly adhered to.
Best practices for storing and archiving digital records
Today, more than ever, vast swathes of information are kept digitally and whilst this delivers a heightened sense of security in some ways, it poses vulnerabilities in others.
1. Consistent naming conventions and organisation
Digital files can very soon get lost among each other due to similar file names or programmes. This can lead to confusion when retrieval is needed and potentially inadequate storage if items are saved where they could be more vulnerable. Include the date, project name or department name, and a version number in each file name. Then use a hierarchical folder structure that is similar to your physical document filing system. This will enable easy navigation and simple retrieval.
2. Data backup
Data can get lost. Unfortunately, it’s a fact, which makes backing it up all the more important. A 3-2-1 strategy can help you. This is where you have three copies of your data, on two different media types, with one copy offsite. This means that should there be a data compromise, you’ll always have a copy to fall back on. Opt for external hard drives and use cloud storage to minimise the risk of data theft or loss.
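The 3-2-1 rule can be checked automatically against an inventory of backup copies. The following is an added example, not part of the original article: the BackupCopy record, the media labels and the sample data are all assumptions made for illustration, and a copy only counts if its SHA-256 digest matches the primary.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class BackupCopy:           # hypothetical inventory record
    label: str
    media: str              # e.g. "internal-disk", "external-hdd", "cloud"
    offsite: bool
    content: bytes          # stands in for reading the copy back from its medium

def check_3_2_1(copies):
    """Return a list of problems; an empty list means the rule is met."""
    if not copies:
        return ["no copies recorded"]
    problems, good = [], []
    # Treat the first entry as the primary and compare every copy to it,
    # so a corrupted or truncated backup is not counted as a copy.
    reference = hashlib.sha256(copies[0].content).hexdigest()
    for c in copies:
        if hashlib.sha256(c.content).hexdigest() == reference:
            good.append(c)
        else:
            problems.append(f"{c.label}: digest differs from primary")
    if len(good) < 3:
        problems.append(f"only {len(good)} verified copies, need 3")
    if len({c.media for c in good}) < 2:
        problems.append("verified copies sit on fewer than 2 media types")
    if not any(c.offsite for c in good):
        problems.append("no verified copy is offsite")
    return problems

# Constructed sample inventories.
DATA = b"payroll-2024.xlsx contents (constructed sample)"
COMPLIANT = [
    BackupCopy("primary", "internal-disk", False, DATA),
    BackupCopy("usb-drive", "external-hdd", False, DATA),
    BackupCopy("cloud", "cloud", True, DATA),
]
DEGRADED = [
    BackupCopy("primary", "internal-disk", False, DATA),
    BackupCopy("usb-drive", "external-hdd", False, DATA[:-1]),  # truncated copy
    BackupCopy("cloud", "cloud", True, DATA),
]

if __name__ == "__main__":
    for name, inventory in (("compliant", COMPLIANT), ("degraded", DEGRADED)):
        print(name, check_3_2_1(inventory) or "OK")
```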
3. Encryption and security
Digital files are susceptible to breaches, so enhanced security is essential for their safe storage. You should look at MFA (multi-factor authentication) for accessing records, as this will limit who can gain access, and ensure that any devices have strong passwords that are frequently updated. It may also be worthwhile to have the devices that hold such information kept in secure areas. This will limit who may be able to see passwords being used or get glimpses of valuable records and data.
4. Access and permissions
Access to digital records should be limited to only those who need access. Even then, the data they have access to should only be relevant to their job or their employee files. Using role-based access controls, you can keep access to sensitive data under control and therefore have more knowledge of who is accessing it and when. As roles change, you should regularly review the permissions to ensure records are only ever viewed by those who should have access.
5. Audits and compliance
It’s easy to get complacent and assume that your data is safe due to the way it is stored digitally, but this could make you more susceptible to breaches. Look at how your data is stored and whether it complies with the current Data Protection Act. In addition, review your retention policies, ensuring that the audits and reviews of your digital records highlight expired or irrelevant data so it can be safely and securely deleted. This will not only free up space for more recent records but also minimise the risk of this old data possibly being compromised.
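A retention review of this kind can be driven by the file naming convention itself. The following is an added example, not part of the original article: the name pattern, the category names and the checklist retention figure are assumptions, and only the six-year figure for card receipts comes from the article. Names that cannot be classified are sent for manual review rather than deleted.

```python
import re
from datetime import date

# Assumed naming pattern (not from the article): YYYY-MM-DD_category_title_vN.ext
NAME_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})_(?P<category>[a-z-]+)"
    r"_(?P<title>[a-z0-9-]+)_v(?P<version>\d+)\.\w+$"
)

# Retention in years. The six-year figure for card receipts is the article's own;
# the checklist figure is a constructed placeholder, not legal guidance.
RETENTION_YEARS = {"card-receipts": 6, "checklists": 1}

def add_years(d, years):
    try:
        return d.replace(year=d.year + years)
    except ValueError:              # 29 Feb landing in a non-leap year
        return d.replace(year=d.year + years, day=28)

def audit(filenames, today):
    """Sort file names into keep / purge / review lists."""
    result = {"keep": [], "purge": [], "review": []}
    for name in filenames:
        m = NAME_RE.match(name)
        if not m or m["category"] not in RETENTION_YEARS:
            result["review"].append(name)   # never auto-delete the unclassifiable
            continue
        try:
            created = date.fromisoformat(m["date"])
        except ValueError:                  # well-formed but impossible date
            result["review"].append(name)
            continue
        expires = add_years(created, RETENTION_YEARS[m["category"]])
        result["purge" if today > expires else "keep"].append(name)
    return result

# Constructed sample file names and audit date.
SAMPLE = [
    "2017-03-14_card-receipts_till-2_v1.pdf",   # older than six years
    "2023-11-02_card-receipts_till-2_v3.pdf",
    "2024-01-10_checklists_fire-exits_v1.pdf",
    "2024-13-40_card-receipts_till-1_v1.pdf",   # impossible date
    "scan0042.pdf",                             # ignores the convention
]
AUDIT_DATE = date(2025, 6, 1)

if __name__ == "__main__":
    for bucket, names in audit(SAMPLE, AUDIT_DATE).items():
        print(bucket, names)
```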
6. Look at offsite storage
Much like with physical records, digital records can be safely stored in a professional storage facility. With LTO backup services for portable hard drives, FACT-approved media storage for specific forms of data and temperature-controlled facilities, your digital records are preserved and safe. Keeping them on-site is easy, but it puts them at risk, especially if there is a cyber-attack or even a staff error where items are accidentally deleted.
Preserving your records for future use, or simply posterity, is best achieved when you take advantage of secure off-site storage facilities. This way, you take away the risk of accidental loss, falling victim to breaches or damaging vital documents you may later need.