When organizations lose information, the cause can be traced to one — or more — of five risk factors: people, paper documents, information technology systems, other electronic devices, such as tablets or memory sticks, and surveillance devices (bugs).

Our experts can guide you in the selection and implementation of security controls that address these risks; both individually and how they intersect in your organization.

While hackers often grab the headlines, your employees or other insiders really pose the greatest threat to your information. In fact, according to a survey in 2013 of compliance executives in the healthcare industry, nearly two-thirds of data breaches were due to the loss of paper files and portable memory sticks by employees. There are security strategies that you can implement, however, that are often applicable to several risks.

For example, appropriate access controls and need-to-know policies can mitigate risks from people, paper documents and information technology systems. Likewise, enforcing proper disposal/storage methods can help keep paper documents out of the wrong hands. Requiring the use of encrypted portable devices can limit damage if one is lost or stolen.