Why outsourcing secure document shredding can reduce risk
Business and public organisations realise employee-related security risk is a significant source of data breach and carries legal risk, similar to the breach of customer data. It’s a big problem but it isn’t unassailable and there are plenty of ways to mitigate risk.
The 2016 Data Breach Investigations Report (Verizon) highlights some interesting trends based on 64,199 incidents and 3,141 confirmed data breaches;
- 89% of breaches had a financial or espionage motive
- No industry or organisation is bulletproof when it comes to the compromise of data
- Accommodation, Business Services, Finance, Public, Retail are high risk sectors
- People-related and User Device data breaches are highest growth risk areas
- Phishing is a particularly severe risk
The modern-day office represents a potential goldmine of information for malicious employees, associates and fraudsters. Here are eight risk areas;
Recycling bin – leaving confidential information in non-secure locations means any one can access at any time, or worse still, steal the information
Office shredder machine – it can take an employee 5 hours to shred 25kg of paper. Industrial shredders can do the same in minutes
Waste paper bins – it’s hard to ensure every employee / associate knows to appropriately discriminate between what can be put in to general waste and what represents a DPA compliance breach
Overflowing confidential shredding (non-secure) bin – locked consoles spread all over departments and work space is the best way to keep commercially sensitive and private information secure 24/7
Unattended digital storage devices – make sure disks, drives and USBs are locked away, contain just what you need to access in the short term and are destroyed immediately after use
Office in-trays – few organisations are good at enforcing ‘clear desk’ policies which is why security consoles for ALL paper and a shred-all and recycle ALL PAPER policy is best
Discarded photocopies and printed paper – blurred copies or excess copies may not be usable but they can represent attractive sources of information to someone. Schedules, plans, time lines to market, pricing, costs, cost calculations, salaries, marketing plans – all represent commercially sensitive information that should be destroyed
Old photocopier and printer memory cards and hard drives – can contain sensitive information and represent potential DPA and WEEE Directive compliance breaches. You need to ensure they are destroyed beyond use.
It’s not complex – it’s common sense
Having an accredited data shredding specialist to help you manage, keep secure, destroy and recycle is one way for organisations to mitigate risk and maintain data protection compliance. By placing virtually unlimited security consoles throughout work space linked to office use and data outputs, and encouraging ALL paper to be deposited routinely in these locked consoles for regular (timed) collection, shredding and recycling, organisations are removing the most common opportunities for employees and associates to maliciously or otherwise access or irresponsibly dispose of information.
About the author
Dan Hawtin is Managing Director of The Shredding Alliance – a secure shredding service to BS EN 15713, accredited to ISO 9001. Every year, over 7,500 Public, Private and Central Government customers have their paper and hard drive material shredded. Collectively they recycle over 40,000 tonnes of paper, off-set over 50,000 tonnes of carbon and save over 650,000 trees.
