By Chris Strammiello
Banks and other financial services firms are document-intensive businesses, and that will likely never change. The volume of financial reports, statements, loans, etc. is growing, and no matter how much we strive to be a “paperless nirvana,” our industry may never fully get there.
People just naturally have a preference to read, absorb and record information on paper. According to one recent U.S. survey, 88 percent of respondents said they understood, retained and used information better when they read general documents on paper as opposed to on electronic devices. In the case of complicated documents, fewer than 16 percent of respondents reported a preference for reading on screens as opposed to paper. In general, reading on paper is perceived as being more informative, less distracting and even less harmful to eyesight.
The Paper Paradox
This creates a paradox where paper remains a key part of many banks’ workdays and work processes, however it is often overlooked in their overall information security plans. If you think paper doesn’t pose a security risk – or that its slippery nature and ability to “live forever” in file cabinets automatically exempts it from digitally-based information security initiatives – think again.
As high-value targets, banks and other financial services firms are under almost constant attack. According to research from IBM x-Force Research, in 2016, financial services was the most targeted industry for cyber-crime – 65 percent more than any other. For this reason, it’s not surprising that banks and firms invest substantial time and money reinforcing their network perimeters to protect information that lies within. Recent headlines, such as the 2017 Equifax breach only intensified this focus.
Digital documents containing highly sensitive personal and financial information may be protected through these network security initiatives, but paper documents are not. Additionally, compared to paper, digital documents usually fall under the umbrella of retention and encryption policies. Extra measures to protect physical paper are often overlooked and all it takes is one misstep (intentional or not) to expose sensitive information and incur significant risk. Consider an employee who prints a document and accidentally leaves it on the paper tray to be intercepted, or an employee who places a highly sensitive document in his briefcase only to forget it on a train. In a sense, the most seemingly innocent piece of office equipment, the printer, becomes a dangerous Achilles’ heel.
Unfortunately,one need not look far to find horror stories of misplaced paperwork across a variety of industries. To circumvent these risks, many financial services firms are trying to digitize more documents through scanning, but scanning and emailing documents is also risky and susceptible to data breaches. For example, someone could maliciously scan and email a document to a private email address, or accidentally email the wrong person. Digitization of physical documents also makes it inherently easier for these documents to be easily shared with numerous people, exacerbating the damage virally.
With paper seemingly sticking around, banks need to start thinking of paper as a first-class citizen and prioritize the security of data residing there. Periodic visits to the file room for shredding and purging sessions are likely not enough. It is true that the physical nature of paper makes it harder to manage, but that doesn’t mean banks should throw their arms in the air and give up. There are in fact techniques that can help reduce the amount of unrestricted paper-based information floating out there “in the wild.” This can deliver a more comprehensive approach to information security and give banks and their clients greater peace of mind.
Chris Strammiello is vice president, Nuance.