Hard copy data poses serious security risk
Hard copy data can present a significant security threat, says Duncan Waugh, founder and CEO of Document Security Solution Specialists.
"In my opinion, it is more significant than the threat to digital data; firstly because most responsible parties or persons (as defined in POPI) will not admit or accept that it is a threat at all," states Waugh, adding that until such time as printers, photocopiers, pens and paper are completely removed from the office environment, it will continue to do so."
However, he points out that given that the complete removal of handwritten and printed communication is not practical, companies need to find alternative measures to combat the risks in this area.
"It is a known - although seldom acknowledged - fact that criminal hackers often use information gleaned from hard copy record data to reduce their search time in locating suitable targets. During forensic data security audits conducted by my company, we often come across Intranet information that we have tested. We have found accessing a digital data base with such basic information gleaned from hard copy records relatively easy," says Waugh.
There is, however, little or no understanding with regard to just how exposed hard copy records are - from receiving the documents, to working with them, storing them, and disposing of them, he says.
He believes dealing with hard copy record security has its own set of challenges and, therefore, its own set of rules.
"Like digital security, it is multifaceted. The only way to effectively deal with the problem, as it stands, is to engage with professional consultants to identify the problems and create a unique set of policies and procedures to be read with and included in the organisations' existing SIEM [security information and event management], assuming they have one."
The alternative, says Waugh, is to utilise existing employees involved in IT security to deal with a problem that is unfamiliar to them, or simply not seen as a threat.
To illustrate the real security threat hard copy data poses, Waugh cites the following example: "We recently audited waste bins in the public domain at a suburban shopping centre. We located undamaged documentation that originated from a division of a major bank that deals with deceased estates. The documents included a printout of all the deceased estate bank accounts, inclusive of Intranet addresses, with handwritten entries next to each account, which we identified to be the code to release the funds from each account. The estimated potential financial loss was in excess of R140 million."
Waugh's presentation at the upcoming ITWeb GRC Summit 2014, to be held in Johannesburg from 4-6 March, will expand on the risks posed by hard copy data and explore the solutions. Click here to find out more and to book.