Iron Mountain

Iron Mountain

December 16, 2011 08:07 ET

Don't Leave Your Business Data as a Seasonal Gift for Criminals

Iron Mountain Provides a Business Check-List for a Trouble-Free Festive Break

LONDON, UNITED KINGDOM--(Marketwire - Dec. 16, 2011) - Over the festive break, unattended offices and bad weather can make it challenging for companies to access and protect their information. Many organisations are increasingly allowing staff to work from home in the run up to the holidays, particularly if the weather makes travelling difficult. Often, this means letting information leave the office, placing valuable business assets at higher risk than might normally be the case. At the same time, documents left behind in a deserted workplace could be vulnerable to theft.

Information management company Iron Mountain advises companies to take a few practical steps to minimise the risks associated with the extended holiday period.

"This time of year brings a much longed-for holiday period for many - a chance to spend time with the family and forget about work," said Marc Duale, President of International at Iron Mountain. "Many businesses slow down or even close altogether. However, before switching off the lights and closing the door, businesses need to ensure their information is well protected and can be accessed if required. Consequently, we urge business leaders to review their disaster recovery plans at this time of year and make sure every employee is aware of the responsibility they hold to protect company information."

Practical steps to ensure businesses avoid the risks associated with the winter holiday period:

  1. Ensure information management processes are in place for employees who choose to work from home

Guidelines on the use of personal IT

Many workers may be tempted to use personal IT equipment to catch up on work-related deadlines over the holiday. While this is fine for checking email through a secure server, it can be tempting for employees to download work documents to their own computer, putting sensitive company materials at risk. Companies should have policies in place to ensure that employees use correct hardware at all times and ensure that the policies are communicated clearly throughout the organisation.

Secure disposal

Well-meaning employees may also print company-sensitive documents or transfer them to a mobile device so they can work during the holiday period without needing to return to the office. It's imperative that companies brief employees regarding confidential destruction measures, highlighting that it is not acceptable to discard any document in their home waste. Documents should be returned to the office for secure disposal.

Mobile vulnerability

The risk of mobile devices falling into the wrong hands through loss or theft are well publicised and, as a consequence, awareness is growing. However, any extended holiday or time for celebration can increase the risk. With the possibility that mobile devices can walk out the door carrying a host of company information, businesses must have a clear strategy in place for information retrieval and remote wiping.

  1. Make sure buildings and IT networks are secured

Businesses should ensure that monitoring systems are live and in place. Disaster recovery plans should be tested and active. Prior to leaving the office for the holidays, provisions must be made to ensure that appropriate action will be taken should an incident occur over the holiday period.

  1. Brief all employees and reduce 'insider threat'

It is likely that many businesses will be running with a skeleton workforce over the holidays. With fewer staff, it's even more important that businesses are confident that each individual is briefed fully on how to deal with a serious incident - training should be provided to all employees so they know how to respond.

A tried and tested Incident Response Programme should be implemented. Businesses should earmark specific employees to take responsibility for the task who will have the ability and authority to make decisions should an incident arise.

During these times of reduced supervision, businesses should be mindful that the risk of 'insider threat' will likely be elevated. To reduce the threat, businesses should go back to basics and implement employee vetting procedures to ensure that the right people are in place.

  1. Conduct a Business Impact Analysis to assess risks and controls

A Business Impact Analysis should be undertaken every six months as part of best-practice business continuity. This will allow organisations to constantly patrol the waters for potential business vulnerabilities and review previous activity.

About Iron Mountain:

Iron Mountain Incorporated (NYSE:IRM) provides information management services that help organisations lower the costs, risks and inefficiencies of managing their physical and digital data. The Company's solutions enable customers to protect and better use their information-regardless of its format, location or lifecycle stage-so they can optimise their business and ensure proper recovery, compliance and discovery. Founded in 1951, Iron Mountain manages billions of information assets, including business records, electronic files, medical data and more for organisations around the world. Visit for more information.

Contact Information