August 04, 2016

Document Shredding: You Won't Believe Where Some Companies Go Wrong

Despite the dizzying number of data breaches that occur today, many businesses still don’t have the right document destruction process in place to safeguard sensitive information.

“Neglecting to secure your paper and digital records can compromise your organization by putting valuable customer data and business intelligence at risk,” said Dr. Larry Ponemon of the Ponemon Institute, in an online post.

Data breaches cost companies millions of dollars in non-compliance fines, lost business and reputation, and legal costs.

Here is where some companies go wrong when it comes to protecting confidential information: 

  • No policy: Despite privacy laws and regulations, one-third of respondents in Ponemon’s 2014 Security of Paper Records & Document Shredding study said their organizations did not have a paper shredding process for the secure destruction of confidential documents. Also, 77% of companies shred less than half of all documents containing sensitive or confidential information before disposal.
  • Negligent disposal: Open recycling bins and garbage receptacles are targets for criminals looking for confidential information they can steal. According to an earlier study, a trash bin is one of the places where paper documents are most at risk. Partner with a professional document destruction that provides a secure document destruction process with locked consoles, security trained personnel, on- or off-site paper shredding, and a Certificate of Destruction after every shred.
  • Too trusting:  Insider misuse of digital information is a huge concern in the workplace, according to the 2016 Data Breach Investigations Report. The Ponemon study showed that the negligent employee (or third party) is the main security threat in the protection of paper documents. Monitor user behavior, control access to information, and have a secure shredding process. 
  • Taking chances: Over half of employees in the Ponemon study put documents at risk by leaving them at communal printers, in meeting rooms, or at meetings outside the office. Document images on copying machines, printers and fax machines are also threat. A professional document destruction company will do a security risk assessment to identity these kinds of vulnerabilities. Implement a Shred-it All Policy too so that all documents are destroyed when no longer needed.  
  • Not enough training: “It’s often a simple mistake by one of your employees that triggers an incident,” concluded the Data Breach Investigations Report. Make people the first line of defense in an organization by providing on-going training as well as easy access to secure paper shredding.
  • Lack of physical security: Physical theft and loss of devices and information increase the risk of a data breach. Establish a Clean Desk Policy, create a company policy covering the printing and transportation of sensitive data, and provide endpoint safeguards such as encryption on all devices.
  • Hard drives:  Digital information must be treated like paper information – and protected from creation through to disposal. While thorough disposal procedures seem obvious, they’re not always in place.  Secure hard drive destruction is critical.
  • Not using a professional destruction service: Help employees become more accountable by partnering with a secure service provider that makes it convenient to safeguard and dispose of paper documents into locked consoles.

Secure document destruction is just one aspect of a protected workplace.