July 02, 2019

Knowing what to shred is vital to protect your company against a data breach

Day-to-day activities may not always be centered around information security – from scrolling through your inbox in the coffee shop to reviewing confidential contracts before boarding your flight, the reality is that interconnectivity through rapidly advancing technology takes us beyond our offices’ four walls. 
While this allows workers to be more flexible, it also means critical business documents are much more susceptible to data breaches. 

Shred-it’s 2019 Data Protection Report states that over 50% of C-suite executives reported that internal human error is the leading cause of information and security breaches within their organization. This statistic is jarring – while companies can put any number of security tools and technology in place, such reinforcements may render useless when it comes down to human error. 

One of the biggest credit unions in Canada, Desjardins, recently experienced a large data breach that compromised more than 2.9 million personal records. As the largest and most significant information breach in the history of Canadian financial organizations, the story dominated the Canadian news cycle. The cause of the breach? A disgruntled employee knowingly leaked the data, acting illegally and betraying the trust of the leaders at Desjardins. The credit union—whose assets top $300 billion—now potentially face reputational and financial repercussions..

While the Desjardins case wasn’t necessarily due to human error (since the act was intentional), implementing strict policies and communicating consequences of data breaches to employees could end up being an effective way to avoid such situations. So, what should companies do?

1. Clearly identify that all documents have value and should be filed or locked away accordingly.  

This includes: 

  • Contracts 
  • Customer lists
  • Medical records
  • Payroll information

2. Use the Five Step Guide when sorting through documents to destroy.

Ask yourself the following questions. If you answer YES to any of the questions, then SHRED the document.

  1. Does it have any personally identifiable information (PII)?
  2. Does it contain information protected by privacy laws?
  3. Does it violate any privacy laws?
  4. Does it share any confidential corporate information?
  5. Does the document list any financial information?

3. Identify and advise employees about “risk areas” and encourage employees to routinely declutter their workspaces to avoid any potential security concerns.

This includes: 

  • Desks
  • Printing stations
  • Exposed recycling bins 

4. If employees work remotely, ensure that there are strict company protocols they are following when it comes to storing, shredding and disposing of documents. 

At the end of the day, the best way to avoid human error is to ensure that employees are constantly educated on the importance and the severe consequences of information security. The implementation of a clean desk policy is a great place to start and can set the tone for the importance of information security.

To access more resources and empower your company about information security, or set up a secure  document destruction service, contact us today.