February 02, 2017

5 Information Security Faux Pas Organizations Should Retire

Privacy laws around the world require companies to securely dispose of confidential workplace documents when they are no longer needed. The issue of security becomes more apparent in the tabloids every day that in the wrong hands, workplace information can lead to theft, fraud, and identity theft.

But there are still many workplaces who are not in compliance.

Here are some surprising disposal methods that organizations still use for information in the workplace:

• Throw it in the garbage. Garbage cans are not secure. Dumpster divers and information thieves target garbage bins. Plus, paper documents can end up blowing out of parking lot dumpsters. A 2014 Ponemon study showed that 77% of respondents shred less than half of all documents containing sensitive information before disposal. An earlier Ponemon study showed that paper documents are most at risk in a trash bin. What to do: Establish clear guidelines and policies for the destruction of sensitive documents.
• Send documents for incineration. In February, 2016 a Florida-based health services provider reported a breach of almost 500,000 patients’ personal health information (PHI) when files on their way for incineration fell off a truck. There have been reports of companies asking their own employees to take confidential waste home and burn it too. In both cases, there’s an obvious lack of secure handling of information. What to do: Partner with a trustworthy document destruction company that has a secure chain of custody including security-trained personnel, and provides a Certificate of Destruction after every shred.
• Recycle paper. An Ohio-based health provider reported a breach of patient records when over 100,000 patient files were found in a recycling bin. Paper in an open recycling bin is at risk because insider fraudsters and other criminals can steal it easily. Also, recycling companies are not usually in the business of security. What to do: Replace paper recycling bins with locked consoles for document storage. A trustworthy document shredding provider will provide secure storage and handling every step of the way, and all documents will be securely shredded before being sent for recycling.
• Let employees decide. The main security threat in the protection of paper documents is mostly the negligent employee or third party, according to the Ponemon paper. There are increased risks when a shredding policy allows employees to determine if information is ‘confidential’ and needs to be protected during storage and disposal. “Faced with the choice of doing a superb job or complying with security policies, employees will most often choose to do a better job,” concluded the Ponemon paper. What to do: Implement a Shred-it all Policy so that the decision is not left up to employees, and all information must be protected and securely destroyed when it is no longer needed.
• Shred internally: A small business sometimes purchases its own shredding machine, and delegates the task of in-house shredding. In addition to the productivity losses, this method does not promote secure handling of confidential information. Plus, this type of shredded paper can be reconstructed. What to do: Partner with a professional document destruction company that provides industrial grade shredding (proprietary cross cut shredding) and specialized shred sizes that meet industry requirements so documents can't be reproduced or recreated.

An organization doesn’t have to choose secure document destruction over recycling – a trustworthy company provides both.