Playing it Safe: Document Destruction Best Practices
In this issue of Securing the Future, we share best practices for document destruction. We identify three key guidelines to follow and how they will help to keep your customer, employees and business secure.
All organizations possess confidential information about their operations and customers which increases the risk for becoming a target for identity theft and fraud. According to Ernst and Young’s 2012 Global Information Security Survey 1, organizations are increasingly spending more money to address information security challenges. 30% of survey respondents expect to increase information security funding by 5% to 15%, while 9% expect to see an information budget increase of 25% or more over the next 12 months.
“Accessibility to documents that contain confidential data poses a serious threat to the business and reputational integrity of any organization,” says Michael Skidmore, Chief Security Officer at Shred-it. “It’s only common sense that organizations should do what it takes to prevent any compromises of their information, identifying security loopholes and implementing effective and reliable measures to address them.”
Secure document destruction is one of these measures. Based on its 25 years of experience in this business, Shred-it shares some tricks of the trade and practical tips on how to make sure your confidential information stays confidential.
1. Secure Document Destruction at Glance
Best practices in document destruction can be summed up as three general guidelines that are easy to understand and implement:
Shred all and shred regularly – and avoid the risks of human error or poor judgment about what needs to be shredded. Deter the accumulation of confidential paper waste that is stored in different parts of your office, creating a security risk.
Shred before recycling – and spare yourself from worrying about what happens to your confidential paper waste once it is at the recycler or in transit to the recycler.
Shred using a professional service – and ensure there are no security loopholes anywhere in the process. Outsourcing also saves the time and resources of your employees.
When implemented in a strategic and integrated way, these principles will dramatically increase the security of your documents, your business and your customers. But let’s look at them one at a time.
2. Shred it all on a regular basis
A “shred-all” policy is one of the most critical steps you can take towards total information security. It means a department or companywide commitment to shredding all documents on a regular basis. Standardizing document destruction procedures will allow your organization to align its rules and regulations with its information security goals and needs.
in 2012, the Federal Trade Comission settled charges against two payday lending and check cashing companies who carelessly left consumers' Social Security numbers, bank account numbers and credit reports in unsecured dumpsters near their retail locations. The companies agreed to pay $101,500 and were ordered to implement an information destruction program which will be reviewed on a biannual basis for the next 20 years 2.
A shred-all policy is a way to make sure there are no leaks – intentional or unintentional – of your organization’s sensitive information to outside sources, including criminal groups that feed on this sensitive information to commit fraud such as identity theft crimes. In turn, regular disposal of paper waste means it does not accumulate in an uncontrolled manner, reducing the potential for security breaches brought about through negligence or malicious intent.
Tips for successfully implementing a Shred-all Policy
Conduct regular information security assessments to help you identify areas of vulnerability and potential risks in your office. Take time to document the flow of confidential information in your company; where it is created, stored and accessed.
Updateyour document destruction policies accordingly based on your findings and new or updated legislation.
Train your staff in secure document destruction procedures. Show them your commitment to the cause and help them understand the importance of protecting your customers’ – and your company’s – confidential information.
Full cooperation by your employees is paramount, but a word of caution is in order. While most security threats may be perceived to be outside of your organization, don’t overlook the potential for internal threats. Your staff may actually be one of them.
3. Shred before recycling
You may think you are doing your part for the environment by tossing paper into the recycling bin. However, are you recycling in a security-conscious manner? Remember: loose paper is often unattended before it has been recycled, and it can leave your organization vulnerable to potential security breaches. For example, unguarded paper in recycling containers can be misplaced or stolen. Or, it can simply fall out of the recycling truck and onto the street.
There is a way to meet both needs – serving the environment and following responsible business practices - by recycling documents while also keeping your customers’ information confidential. You can achieve both goals by outsourcing document destruction to a reliable service provider with high security standards and a strong environmental record.
You might find it interesting to know that, when working with Shred-it, organizations save one tree through recycling every time they fill up two Shred-it security containers with paper. Shred-it even offers customers an annual Environmental Certificate, which states how many trees they saved that year. What’s more, using recyclable, biodegradable, hydraulic fuels for its vehicles, Shred-it proves its continuing commitment to improve its environmental practices.
4. Shred with a reliable supplier
Once you've implemented all these measures, you’ll come a long way toward the ultimate goal – total security for your customer, employee and business information. However, one question remains – should you hire a third-party provider or try pursuing these measures on your own? Here are a few pointers to help you ponder this question:
When you outsource document destruction, you free up your staff to concentrate on what matters the most – your business and the bottom line. This means productivity savings of up to 15 - 20 per cent, according to Shred-it’s analysis of the number of employees generating and shredding paper, the time it takes them and their hourly wage.
Most organizations do not have the expertise to ensure total security of the document destruction process. Nor do they have the equipment necessary for storing and shredding sensitive documents, such as locked security consoles and powerful shredding machines. Finally, they do not have the resources needed to support the tight chain of custody around the document destruction process.
Shred-it’s on site locked document storage containers ensure that once documents are ready to be discarded, they remain secure and protected until Shred-it personnel arrive. Those documents are then moved to a Shred-it truck, following a tight chain of custody. There, at your location, they are fully shredded, leaving only small confetti-like pieces of paper that cannot be reassembled. Shred-it completes the process, issuing a Certificate of Destruction to provide verification that documents have been securely destroyed.
By outsourcing your document destruction needs, you can gain access to years of experience and deep expertise of a professional document destruction service provider. In doing so, you significantly reduce the risk of unfortunate missteps or accidents, potentially leading to security breaches, privacy violations and identity theft and fraud.
1. Ernst & Young’s 2012 Global Information Security Tracker,http://www.ey.com/GL/en/Services/Advisory/2012-GISS---Fighting-to-close-the-gap---Unbalanced-alignment