June 06, 2023
The threat of a breach of confidential information contained in physical assets such as paper and hard drives can arise both in and out of the office and can come from external individuals or trusted employees. According to Verizon's 2022 Data Breach Investigations Report, 82% of data breaches involved the human element, and some were of physical materials.
It is crucial to consider using physical document and asset destruction measures, such as engaging professional paper shredding and hard drive destruction services, for items that are no longer needed. These practices can help safeguard businesses against malicious outsiders who may resort to dumpster diving in search of confidential information. They can also help protect against malicious insiders who can acquire confidential documents from insecure office areas such as print stations, desks, trash cans, or recycling bins.
Additionally, discarded electronic devices like USB keys and old hard drives that still contain sensitive data can be stolen. Regular destruction practices help to effectively mitigate these risks.
Learning to recognize physical data security risks will help businesses manage the disposal of confidential information correctly and securely. Here are six common mistakes to avoid to help safeguard sensitive information:
1. Leaving Confidential Data Exposed
There are many ways to inadvertently expose confidential data, from leaving sensitive information on the desk rather than a locked cabinet, to leaving a computer screen unattended and visible to those around. Always protect and shield private information in public spaces. In the workplace, a clean desk policy helps reduce the risk.
2. Throwing Documents in Unsecured Bins
It is a common misconception that disposing of confidential information in a regular trash can or recycling bin is a safe method. This practice should not be used to discard unwanted data or even junk mail. Throwing documents into insecure bins can potentially jeopardize important information because anyone can take documents out when no one is looking.
To help ensure secure collection as well as ultimate recycling of confidential information, use a professional shredding service like Shred-it®. Shred-it® uses locked consoles and NAID-certified processes, that help protect businesses against malicious intruders, who may resort to dumpster diving to get access to information. A professional information destruction company will provide these services and recommend a shred-it-all policy.
3. Stockpiling or Discarding Old Hard Drives
The above rule also applies to data on hard drives. A discarded hard drive creates a risk of possible data exposure. Instead of stockpiling old hard drives, consider securely destroying them by using a service like Shred-it®, which uses machinery to permanently and totally damage the device, making any data recovery impossible.
4. Using a Do-It-Yourself (DIY) Shredder
Businesses often think it may be easier and more cost-effective to manage paper destruction in-house. However, there are hidden costs in the DIY approach that could make it less economical than outsourcing. Some areas where hidden expenses can arise are:
5. Lacking Employee Training
According to Shred-it®’s 2022 Data Protection Report, lack of employee training is a growing concern for small businesses that fear their organization is vulnerable to data breaches (66%). Almost half (48%) of the small business leaders surveyed believe that employee error is a main source of data breaches. Regular employee training can help employees better understand their role in helping the organization remain secure and the actions to take in the event of a data breach.
6. Not Having an Incident Response Plan
An incident response plan is a documented, written plan for staff detailing procedures to detect, respond to, and limit the consequences of a malicious attack. These plans are designed to save time and reduce staff stress should a data breach occur, as it keeps all personnel aware of their assigned duties. Without intentional plans and clearly designated tasks, businesses can risk worsening a data breach incident, potentially damaging their reputations and budgets.
Businesses can use a trusted professional shredding service like Shred-it® that offers a variety of shredding options: