Document Security: The Ultimate Checklist
Keeping Financial and Insurance Documents Safe
When you provide professional services such as insurance, financial and legal solutions, your clients are trusting you with their most sensitive information. Document security is critical to preserving trust, loyalty and confidence. Achieving this requires ensuring your contracts, agreements and other confidential documents are securely stored, transferred and accessed only by those who require access.
The following checklist can help you gain greater control over your data and improve your document security.
1. Know your risks: Perform a quick document security assessment anytime by asking the following:
Does our company have written policies in place regarding the collection, retention, handling and destruction of confidential information?
Do employees and suppliers understand and follow these policies consistently?
Do we perform thorough background checks on all employees and suppliers?
Do we stay current and compliant with privacy legislation that affects our business, such as PIPEDA?
Do we have an effective disaster recovery plan?
Even a 60-second assessment like this one tends to uncover your greatest vulnerabilities.
2. Check your tech: Does your technology promote safe storage of sensitive data with consideration to the following?
Firewalls
Antivirus and anti-malware protection
Software (including available updates and patches)
Hardware
Mobile devices
Applications (such as file sharing)
Encryption standards
Compliance with policy and access privileges
Premises protection
An annual review of your technology by the IT director or CIO is integral to keeping sensitive data safe and identifying security risks that may need immediate attention.
3. Protect your physical workspace and printed documents: Ask yourself the following:
Do we use a reputable courier to send and receive client contracts and other sensitive documents?
Does our courier typically maintain possession of our documents from pickup to delivery?
(Many couriers hand off packages to third parties to complete deliveries, putting confidential information at further risk.)
Are office servers and private documents inaccessible to outsiders?
Are workstations password protected when clients visit?
How do we control and monitor access to our office(s)?
How secure are archived or off-site files?
Do we employ daily clean-desk and shutdown policies?
If mobile devices are lost or stolen, are remote wipe features enabled?
4. Create a culture of information security: How well do you feel your employees understand the following?
Your information security policy (ISP)
How to work from home securely (e.g., using approved equipment with secure company network access, using appropriate document handling practices)
The risks of unsecured instant messaging apps, unapproved file-sharing programs and open wireless networks
The importance of strong passwords that are changed regularly
The consequences of a breach
Many employees are particularly confused about security in “the cloud.” They may save sensitive information to Dropbox and open it at home on a personal device or using a less secure personal email address. They have no idea that even an innocent tweet or text has the potential to be considered a business record. Consider periodic lunch-and-learn sessions and monthly emails that allow you to deliver small bites of current security information regularly.
How many boxes did you check off? With ever-evolving technology, how your financial company or insurance firm safeguards sensitive documents is critical for preventing security breaches, maintaining your reputation and minimizing liability.