February 25, 2016
Using an outside shredding service to destroy and shred confidential information is far more effective than relying on company employees to do the job, say almost three-quarters of organizations in a recent Ponemon study.
The 2014 Security of Paper Records and Document Shredding study concluded that organizations without a comprehensive document security process have an increased likelihood of a data breach.
Of course, for businesses, that’s already higher than ever with almost half of organizations suffering at least one security incident in the last 12 months, according to the 2015 Second Annual Data Breach Industry Forecast.
What are the risks of inside document shredding?
Companies often assign administrative-level employees to do inside shredding even though they lack expertise in secure document handling procedures. Also, an office shredder is usually a strip shredder (pieces can be put back together again by information thieves), and precious time is spent removing staples, etc., from documents. A professional document and data destruction company uses cross-cut, industrial-level technology (for permanent destruction) in a range of shred sizes. It has a secure chain of custody from the time the documents are collected (in locked consoles) to the time they are securely destroyed.
Three quarters of companies – 75% - have experienced a fraud incident in the past year and where perpetrators were identified, four out of five (81%) were insiders. The latest Kroll Global Fraud Report also showed that senior or middle management employees were responsible 36% of the time, junior employees 45% of the time, and third parties 23% of the time.
The 2014 Cyber Security Intelligence Index concluded that 95% of all security incidents involve human error. Partnering with a professional document destruction company helps to establish good document management processes. For example, locked consoles are supplied for confidential information that is no longer needed (and the process becomes a workplace standard). Implementing a Shred-it all policy further reduces the risk of employee error because all documents must be securely shredded... and employees never have to decide what is or isn’t confidential.
It’s the law to securely destroy confidential documents that are no longer needed. Non-compliance can lead to hefty fines and even prison sentences. A professional company will issue a Certificate of Destruction after every shred, which is proof of destruction, and it will stay up-to-date on different privacy laws and compliance requirements.
Without a professional document destruction service, confidential information may just be tossed into open recycling containers or garbage bins. Shred-it’s State of the Industry 2015 Report showed that less than half of small business owners have a protocol in place for storing and disposing of confidential data.
Rather than stockpiling electronics or throwing them into the garbage, old hard drives and e-media must be permanently destroyed. A professional document destruction company should provide these destruction services. The Ponemon study showed that while 51% of companies have a policy for secure destruction of confidential documents, the policy doesn't cover hard drive destruction.
A document management policy plays such a critical role in information security because even a simple mishandling of a single sheet of paper can cause long-lasting damage to both reputation and bottom line.