The branch that you searched for does not have a page in your preferred language. Would you like to visit the branch page on the #CODE# site?
As the world leader in paper shredding, we ensure your documents are securely destroyed.
Hard drives could cost you millions in a data breach. Physically destroy your electronic data.
Stay ahead of legal or regulatory risks with our easy, online compliance training.
Get a Quote
Back To Information Security Resources
In this issue we are looking at how disruptions both inside and outside of the workplace can leave organizations vulnerable to a data security Breach.
Welcome to the seventh edition of Securing the Future, a periodic e-newsletter from Shred-it. Modern organizations are susceptible to all sorts of disruptive events. Among them are fires, natural disasters, power blackouts, terrorist attacks, national pandemics, cyber attacks and information security breaches. In this age of increased security threats, the growth and survival of your business depends on its ability to function and manage, even through a crisis.
Download PDF Version
Over the last 10 years, we have witnessed 9/11, the Northeast Blackout of 2003, SARS and the H1N1 influenza outbreak and Hurricane Juan. What else is coming down the road?
While the likelihood of a serious emergency may appear low, the recovery costs from even a low-scale disaster are often high. Simply put, your business cannot afford the risk of being unprepared for disruptions. That is why it is important to have comprehensive plans in place that address a wide range of emergency scenarios. While crisis responses are multi-faceted, they should always include an information security planning component. An information security component can avert a potential information breach, and with it the associated financial loss and reputational damage.
"At Shred-it, we believe that prevention is the best crisis planning tool," says Vincent R. De Palma, President and CEO at Shred-it. "To avoid a disaster-related information breach, all information, in both paper and electronic form, must be secured, regardless of where it is located. Likewise, all information that is no longer needed should be destroyed."
Two added challenges are that prevention and information security preparedness are very difficult to coordinate in the short-term before a forecasted disaster strikes and near impossible to coordinate with an unforeseen disaster. Yet, with some forethought, these scenarios are relatively easy to avoid.
According to Shred-it client research, only 68 per cent of organizations in Canada have official guidelines for document destruction1. Only 79 per cent of Canadian organizations view document destruction as an essential part of their information security.
“We know that when sensitive documents, such as legal files or medical records, are unsecured, they are at risk of being misplaced, misused or stolen, which can lead to long-term financial, legal and reputational issues. But consider the equally hazardous risks that they can also be carried away during a severe storm, scattered outside during a fire or simply become more vulnerable in the disorder of a blackout,” says Mr. De Palma. Even if documents are already partially destroyed, they may still be targets for identity theft. For instance, wet paper may look useless, but a thief with a blow dryer could use it to steal information about your business, your associates or clients.
Document management and destruction should not be left to chance or discretion of individual managers or employees. There must be a strategic, systematic, companywide effort that addresses information security at all levels. While there is no single recipe for success, information security measures that are applicable to most organizations include:
Implementing these measures means, there are no unattended files sitting in the corners of your office – they are either filed away securely or completely destroyed. This means that, should an emergency strike, the risk of an information security breach is dramatically reduced, regardless of what happens with the rest of your company’s waste. Destroyed information is no longer a threat, and paper waste securely locked in metal consoles is harder to access even if submerged in water, fire or snow.
The private sector, which operates a vast share of Canada’s economy, is an important player in the protection of our safety and security. Yet, smaller organizations tend to have a more lax security environment.
One of Shred-it’s small business clients3 recalled that, when taking over a small accounting firm, he was surprised to discover that all paper waste used to go to regular garbage boxes and had been left unshredded outside of the building for pick-up by municipal garbage-collection services.
There are two important tenets behind all best practices in secure document management:
Shred-it advocates a tight chain of custody around the entire document management process that should be implemented in a strategic, systematic way. Below is a list of best practices that forward-looking organizations follow to protect themselves, their clients, employees and other stakeholders during normal operations and in an event of emergency:
The federal government is currently working on amendments to the Personal Information Protection and Electronic Documents Act (PIPEDA). While the bill (known as the Safeguarding Canadians’ Personal Information Act) has yet to be passed in parliament, it will potentially enforce organizations to disclose certain security breaches when they occur. Shred-it is keeping a close watch on the development of this bill (and all related federal legislation) and will continue to provide updates, so that you can continue focusing your time on your business.
Stay informed with the latest in information security news and promotions.
Fill out the form or call 888.750.6450 to start protecting your business today!