Common Mistakes Businesses Do When Maintaining Security Of Sensitive Data

Answer;              

Not properly classifying the sensitive information, managing it accordingly and in turn protecting it against current threats.

 

Secure Paper Shredding Hard Drive Shredding WEEE Destruction

 

As you read this from your mobile, tablet and or computer you are viewing data digitally. Paper shredding in Ireland and industrial paper shredding services offer data protection services for said devices. Knowing technology pitfalls is a massive part to data protection while also knowing how and when to share your digital information must also be considered.

There are three critical points to the proper protection of sensitive data.

  1. Data Classification

In line with European Standards; Companies must understand what data needs to be protected and create a Data Classification Policy. This policy in turn will classify data based on sensitivity. At a minimum three levels of data classification are needed.

    • Restricted: This information requires very high protection, Unauthorised dissemination would have serious terminal consequences for the company and infringe trade confidentiality obligations, contracts or laws. It is essential that the confidentiality of personal data is maintained. Otherwise there is a risk to the health and safety or personal freedom of the affected persons.

All data that reaches its end of life should be destroyed to a minimum of Shred No.6 of EN 15713 to ensure destruction beyond reconstruction.

    • Confidential or Private: This is moderately sensitive data that would cause a moderate risk to the company and could infringe legal obligations or laws if compromised. Access is internal to the company or department that owns the data. There would otherwise be a considerable risk to the social standing and financial situation of the affected persons.

All data that reaches its end of life should be destroyed to a minimum of Shred No.4 of EN 15713.

    • Public: This is non-sensitive data that would cause little or no risk to the company if accessed. Access is loosely, or not, controlled.

All data that reaches its end of life should be destroyed to a minimum of Shred No.3 of EN 15713.

 

  1. Encryption – All Organisations should have an encryption strategy in place to ensure all staff are aware and capable of utilising it correctly. The essential element to a good encryption strategy is to use strong encryption and detailed key management.

 

  1. Cloud Misuse – Essentially cloud storage translates to storing your data on someone else’s computer. When it is uploaded, the control over it is no longer only yours. Encryption should always be implemented prior to uploading to the Cloud. It is always advisable to read through the cloud providers policies with regard to handling data.

 

The most important thing for business is to be aware of the technology pitfalls. Secure document destruction in Ireland and its data protection laws are different to other countries. While the laws may be different country to country, the method of data breaches are usually the same. The more you know the better you can protect yourself and business from data breaches.

For more information on a secure document shredding service in the Dublin, Cork, Limerick or Galway area please visit: www.securityinshredding.com

Feel free to join in on the conversation @securityinshred

Top 5 Workplace Security Tips

secure data, workplace security

Workplace Security does not just mean a simple office shredder. Data Protection comes in many forms and is worth knowing these methods.

Data Protection is an important part of business practice. Paper shredders are often used to shred confidential documents. Your standard office shredder does not provide adequate security when shredding. An Industrial paper shredding service will provide a secure document destruction method for your business to use.

Along with paper shredding, there are many other forms of security you and your business can incorporate into everyday practice. We live in an age where data breaches are becoming more and more common which makes protecting this data ever more important. Digital data is now an area of protection and is often overlooked. These over sights is what cyber criminals will prey on and thus a Data Breach will occur causing severe damage to your business reputation.

 

Tip 1: Outsource your secure and confidential document destruction requirements to a certified professional Data Processor whom is reputable and reliable.

Tip 2: Enquire with your current data destruction provider about their e-media services. Hard drives and other types of media should either be shredded or crushed to ensure all the electronic data is securely destroyed and beyond reconstruction. If your service provider does not provide same, contact a member of our team whom are more than happy to help with your enquiry.

Tip 3: Choose a Service Provider that uses secure certified document destruction technologies, lockable consoles and/or locked 240 Litre wheelie bins, issue Data Processing Certificates and operate with a secure chain of custody.

Tip 4: Appoint a Data Compliance Officer in your Organisation whom is responsible for ensuring compliance regarding the correct management of both paper data and digital data within an organisation.

Tip 5: Conduct regular staff refresher training days regarding the importance of information security and the processes associated with same. Have training material prepared and on hand for induction training when new employees begin.

 

For more information on paper shredding and confidential document destruction in Ireland please visit: www.securityinshredding.com

Firms Not Insured For Data Security Breaches

Security in Shredding Data protection & destruction

This topic is becoming more and more common. Shredding confidential paper is widely accepted practice for Data Protection. At Security In Shredding we understand the benefits of document shredding.

We also believe in have a proper digital data destruction system in place for your business. The Data Protection Act requires you to ensure your data is maintained and is not vulnerable to Data Breach.

A recent report from Risk:Value NTT Com Security, questioned 1000 non IT-Business across the UK, USA, Germany, Switzerland, Norway and France asking if they had insurance to cover data security breaches. 1 in 10 had data protection insurance.

With the increase in Cyber attacks globally and small businesses are targeted. It not just activists attacking multi national corporations. Any business if vulnerable may be attacked. It pays to have the adequate insurance in place. Now more than ever does this kind of insurance become applicable. With mobile devices, tablets and hard drives widely available, people are not as aware of the pitfalls of these devices regarding Data Security.

An Insurance policy will help against Data Leaks and Breaches. Data Protection methods must be in place as there may be certain criteria in place to be covered by the policy.

Risk Management Policy

Having an insurance policy in place is fine nothing wrong with it but Data Security comes down to your business having security measures in place that prevent data breaches. How your business handles sensitive data and who has access to it must be business practice.

The disposal of data must also be considered, a confidential document destruction service can be incorporated. These services can be availed on site or off site with collection available. Depending on your business location will effect what type of service is used but confidentiality is paramount when operating.

Digital devices should be password protected and encrypted where available. Sending emails and texts can now be encrypted end to end which will improve your Data Security in public areas. Whatsapp a free SMS messaging application that offers encryption which is a simple but easy protected communication service.

When devices are no longer in use it is recommended that these devices are destroyed if they are no longer in use.

Document Shredding Services Ireland

At Security In Shredding we offer secure shredding service for your Data Protection needs. Please Like, Subscribe and Comment to our blog.

 

Why Hard Drive Security Is Vital To Data Security

Data Destruction, Data Security, Digital DataHard drive destruction should also be incorporated with your document shredding process. Data Security comes in many forms and protecting your digital data is equally important as your paper data.The BBC ran a story warning that the only way to prevent cyber criminals from accessing information from old computers is to completely destroy hard drives. Formatting the drive does not erase the data completely. The warning came after a study showed thousands (22,000) of ‘deleted’ or ‘reformatted’ files were recovered from old computers purchased online or elsewhere.

The fact is there are software programs designed to help cyber criminals extract data even after it has been electronically erased from a hard drive.

(The data is not removed, it is allowing the data to be over written)

At the same time, there are other concerns that make secure electronic media and hard drive destruction a critical aspect of device security.

These are hard drive security concerns everyone should be wary of:

  • Volume.  There are more hard drives than ever in the workplace… in desktop computers, laptops, servers, phones, USB thumb drives, printers, copiers, and other equipment. In 2015, technology companies shipped more than 2.6 billion devices containing hard drives, according to US IT research firm Gartner.
  • Internet of Things (IoT).  According to one report, there are about 14 billion objects connected to the Internet today, and by 2020 industry analysts estimate the number will increase to anywhere from 20 billion to 100 billion. Many organisations are integrating IoT devices into the workplace to make work easier and more efficient, but employee IoT devices, which transmit and receive data, are an attack vector for cyber criminals. Safeguards must protect the business and the individual.
  • Upgrades.  Electronics become obsolete (and are replaced) within three or four years – and that affects BYOD security and other safeguards. Sensitive customer information is often stored on mobile devices, yet few employees take the necessary steps to keep corporate data on their devices secure. Many smart phones are not even password protected.
  • Data Protection Laws.  The Data Protection Act and industry guidelines require organisations to securely destroy confidential data at the end of its life. Failing to properly dispose of information could lead to a data breach, resulting in a fine of up to €100,000 being levied by the Information Commissioner’s Office.
  • Cybercrime.  Industry experts predict a continued boom in cybercrime. In terms of cost, the average consolidated total cost of a data breach rose 7% to €2.98 million in 2015 compared to the previous year. The 2015 Cost of Data Breach Study: UK from Ponemon also showed that the average global cost for each lost or stolen confidential record increased from a consolidated average of €120 to €130.
  • Responsibility.  Data stewardship is a corporate priority and responsibility. Security-driven workplace systems and controls help protect against external trends like data breaches and cybercrime. For example, a document management process protects confidential information from its creation to end of life. You will find that Businesses have never disposed of hard drives, USBs and other hardware that contain confidential information. A best practice: partner with a document destruction company that provides secure hard drive destruction as well as other security services and products for the workplace.

It’s important to understand device security and know your electronic media pitfalls and vulnerabilities to avoid being costly data breaches and a damage to your companies reputation.

Like, Comment & Share this story. Get involved in the conversation.

Reasons why having a “Clear Desk” Policy is beneficial for businesses today

confidential shredding, clean desk policy

A clear space, a clear mind. Paper shredding is a good habit to help clean up and also protect your data. Confidential document shredding service will help you clear out unwanted paper and documents that may have built up over the years.

(Shred your waste paper data)

It is the time of year for new beginnings, new healthy practices and in the business arena new accounting years. Even though we advocate best healthy practice we will now take a look at kick-starting some best practices for housekeeping within your place of work.

When looking around in your offices; are you looking at paper documents stacked in areas to be “Got to at some stage”, as we have begun new healthy habits in our personal lives it is also a great decision to look at implementing a clean desk policy also known as “waste paper procedure” within your offices.

Similar to a clean eating policy where you maintain clean and healthy macronutrients entering your body, a clean desk policy will direct your employees in maintaining a clean desk at all times during their working day.

We are all aware of the benefits of having a clean working area, “a tidy space equates to a tidy mind” however, a clean desk policy will also empower your Organisation to protect data in line with Data Protection Legislation.

Simple guidelines to protect your working data, whether the data is sensitive commercial data and/or personal sensitive data is to;

  1. Passwords and encryption upon electronic data carrier
  2. Have lockable cabinets within your office areas
  • Other suitable secure storage if/when required
  1. Once any of the data has been used and is no longer required you should insert it into secure consoles (Cabinets) awaiting destruction.

A well detailed and structured “Waste paper Procedure/Clean Desk Policy” really is of serious benefit to any Organisation and protects you in many ways such as;

  1. Saved money and resources
    Using a clean desk policy and having a certified vendor saves money upon downtime for staff in destroying old data
  2. Protect your Organisations Data and improve upon internal data flows

Detailing to staff that data digitalisation is the new company policy you will save money upon printing costs, increase efficiencies in data transfers and maintain business competitive with new data storage technologies.

  1. Data Protection law compliance
    It is essential for business to comply with the relevant Data Protection Laws in their jurisdictions, this includes not leaving it resting upon desks for casual bystanders to see the details; the Organisation in turn is protected from receiving for non-compliance fines and penalties
  2. Reduced data breach risk
    When private and sensitive information is protected from unauthorised view, there is less likelihood of information theft, fraud or a security breach, the costs of which can run into the £millions – in fines, reputation damage, and lost business
  3. Create a stronger reliability within your firm
    Ensuring that sensitive information is not left on desks will provide management with peace of mind that possible insider fraud is reduced to a minimum risk.
  4. Create a positive working environment
    As previously covered, a clean and tidy work space results in a clean and tidy mind enabling employees to be happy and consistent with their work duties and create an overall positive atmosphere within your workplace.

For more information, handy tips and beneficial help; Join the conversation on information security with Security in Shredding on Twitter @SecurityInShred.

Why should SME’s outsource the destruction of it confidential documents?

Onsite document destruction

Secure document destruction is an integral part of business practice. Shredding confidential paper can be done by your business but hiring a certified and secure shredding service will benefit your business long term.

Firstly, outsourcing means just what it says — going “out” to find the “source” of what you need. Many companies regularly outsource areas of their business such as document management, payroll, Human Resource Management, cleaning to name but a few.

There are many benefits to outsourcing;

  • Reduction of costs;

Having your own company staff perform tasks that is not their core duty can result in the miss-management of company time resulting in companies paying above the market rate for that task.

  • Efficient Resources;

An outsourced service provider such as Security in Shredding provide an excellent cost structure and economies of scale resulting in giving the client a competitive advantage.

  • Allows the company to focus on core areas;

The clients trained skilled employees are left to focus on their core areas and duties resulting in a continued performance level from the employees and clear objectives are established and adhered to.

  • Save on infrastructure and specific technologies;

As a result of employing an outsourced service provider, you are reducing the cost of wear and tear on company equipment when choosing to outsource to a professional Data Destruction Service Provider.

 

  • Access to skilled resources;

 

A good outsourced service provider like Security in Shredding takes pride in the level of professional work they do. Security in Shredding  have the resources, in-house trained personnel and experience to carry out the task to the highest standard – EN 15713 and hold ISO 9001 certification.

 

  • Eliminating risk;

 

If you employed Security in Shredding as your data destruction service provider; they would manage the risk and eliminate the risk of data breaches and assist with the internal efficient management of paper data within your organisation.

As a result of the demand for outsourced Document Shredding, Security in Shredding has developed certified shredding equipment with the highest level of security shredding technologies available in Ireland to date. The shredding technologies are certified to Shred No. 6 of the EN 15713 shredding standard.

Security in Shredding have ample knowledge and expertise when it comes down to the management and secure certified destruction of data; so search no further. .

Give Security in Shredding a call and they will assist you with the management of your paper data as well as the secure, confidential and certified destruction of paper data. We cater for all size companies ranging from 1-10 employees to 10 + employees and Security in Shredding’s destruction services are nationwide so call us today on +35367 24848. The Security in Shredding team is looking forward to your call.

Please visit Security In Shredding website for more information:

https://www.securityinshredding.com/

Onsite & Off Site Paper Destruction Service

Security In Shredding on site service, Onsite shredding service

At Security In Shredding we provide excellent and secure service in both onsite shredding and onsite collection with off site shredding. Providing paper shredding in Ireland with a high quality service.

Din 66399 Standard

We operate under this standard. The Din requirement is in place and provide 3 separate shredding levels for your data destruction. The level of protection will depend on the how fine the paper is shredded.

  • Din level 1
  • Din level 2
  • Din level 3

The type of documents used will depend on the level of security you should implement. Documents containing a low threat and low impact would require Din level 1. Sensitive data restricted to a small group of people would require Din level 2 as if these documents were leaked would cause harm to a business. Din level 3 should be used for highly confidential data only accessed by authorised people.

On Site Mobile Shredding

This service is beneficial if you require your documents to be securely shredded on business premises. Our specially designed vehicles will securely destroy your documents. The entire process is done securely and is environmentally friendly where all waste is sent to a licensed waste company. More information can be viewed here:

https://www.securityinshredding.com/onsite-document-shredding.php

Off Site Document Shredding

Our off site service is also done to a high standard of security. We operate on a scheduled basis and our staff will collect the bags from a secure area within the business premises. The bags are collected by uniformed staff on a set time and will inform you if they are on route. The bags are placed into a locked secure van and taken to our site where it is shredded. Full details of the process can be viewed here:

https://www.securityinshredding.com/off-site-document-shredding.php

IT & Media Destruction

Data is not just paper data. It comes in many forms and digital data and the devices used also need to be destroyed in a secure manner. Digital has has become more and more popular and data protection of these devices needs to be implemented.

https://www.securityinshredding.com/it-media-destruction.php

Our aim is to provide you with a high quality and highly secure service, with minimal impact on your day to day business activity while maintaining your data security. For more information please visit our site or contact us for a consultation:

https://www.securityinshredding.com/

Shredding Documents Before Recycling Them

Data Protection, Paper Shredding, limeirck paper shredding

Paper data still plays a major part of industrial paper shredding. It is important that you are Shredding confidential paper before it is put into recycling. This is to ensure that your data is protected and cannot be viewed by public eye.

Paper like any other recycling is often left in the blue bin outside your home or business for it to be collected. This is a common practice and nothing wrong with it. If your recycling contains documents of a personal nature and or sensitive data nor for public knowledge, how it is disposed needs to be taken into consideration.

It is quite easy to access anything contained in these bins and within an urban area someone in a “white van” and a high vis jacket could pull up and throw these bags into the van. What they do with these documents may be unclear but can be malicious intent. Having the documents shredded before it is recycled will increase your data security.

Shredding Documents

A good practice for your business to incorporate is to shred your document before you put them into recycling bin. Also to be aware that a simple office shredder does NOT provide adequate data destruction. This data can be reconstructed. An industrial paper shredding service provides you with secure paper shredding. Incorporating a service to handle and destroy your documents should be used.

Scheduled Onsite Collection

A reputable shredding service will provide you with a collection service to handle and securely destroy documents you have. Ringing your shredding service provider and organising a collection at a time specified by you will ensure that you know when your documents are to be transferred.

A shredding service can provide you with sealed bags for collection and shred them in off site paper destruction location. A shredding service can also provide onsite shredding service with their specially designed trucks to handle and destroy these documents.

Data Protection

Under the EU directive the data protection act and the data protection commissioner are governing bodies in place to ensure that businesses handle data correctly and ensure sensitive data is used in a correct manner.

For more information on a reputable shredding service in Ireland please visit:

https://www.securityinshredding.com/

Responding To Data Breaches

Secure Paper Shredding Hard Drive Shredding WEEE Destruction

Paper Data;

Without a confidential document shredding service in place for shredding documents and media devices. Your company or business may become under scrutiny for not having these defensive measures in place to begin with.

It is common practice for a business to securely deal with paper documents in its handling, who can access it and how it is destroyed. Most businesses and organisations will incorporate a reputable paper shredding service and these processes are all above board.

Digital Data;

This trend is still widely used but not with the increase in use of mobile devices globally. Digital Data has become the preferred use of displaying data. How this information is used and the potential of this information being misused. Issues regarding digital use to be an “IT issue” but this is now no longer the case. Data Breaches and leaks have become more and more common due to lack of cyber protections in place. Lack of knowledge for one about cyber security is one factor that causes these issues.

Data Protection

A Data Protection strategy for digital and paper documents must be implemented throughout a business. There are governing bodies in place and bodies localised to your business and is worth knowing what procedures are in place for data protection. In Ireland the Data Protection Commissioner is a governing body directive from the EU.

“The office of the Data Protection Commissioner is established under the 1988 Data Protection Act.  The Data Protection Amendment Act, 2003, updated the legislation, implementing the provisions of EU Directive 95/46. The Acts set out the general principle that individuals should be in a position to control how data relating to them is used.”

The DPC provides guidelines for data protection and methods. If these measures are in place before a data breach occurs, it can save face for a business reputation and wont be scrutinised for not having these measurements in place to begin with.

The DPC site offers guidelines regarding Data Security both physically and digitally and the guidelines can be viewed here.

https://www.dataprotection.ie/docs/Guidance-Material-Menu-Page/m/219.htm

An Industrial Paper Shredding Service will provide you with credible Data Protection service please visit our site for more information:

Email us at info@securityinshredding.com

No. of Data Leaks and Data Breaches Increasing

irish data breaches, Data Protection, Paper Shredding, Data Destruction

Industrial paper shredding can be implemented using an off site shredding service throughout Ireland. Onsite shredding services are also available in the Dublin, Cork, Limerick, Galway and Waterford areas. These services should be common practice for businesses to comply with Data Protection laws.

It has become an increasingly talked about topic both globally and in Ireland of user’s details being leaked accidentally or retrieved through malicious means. The most recent story on a global scale is the “Panama Papers” involving political figures and leaders having offshore accounts and profiting from them. How the leak happened is still unclear but can happen.

Closer to home the Irish Aviation Authority (IAA) was the case of a data leak. The leak revealed the details of listed drone users in the country. No credit card details were released but names, addresses and emails were revealed. The leak was an internal issues and was dealt with accordingly. The Data Protection Commissioner was informed with the leak and appropriate actions were taken.

If A Breach Occurs

Your own business like any other business can be subject to a Data Breach or Leak. To think it wont happen to you is naive and bad business practice. If you feel a breach has occurred there are a number of steps you should follow if the breach occurs.

  • Take your site offline so the leak/breach is no longer available
  • Find out where the breach occurred. Contact IT or site developer for help
  • If public details are released then inform the Data Protection Commissioner
  • Issue a warning to the effected users that the breach occurred
  • Passwords for accounts need to be updated to prevent unwanted access to user accounts.

The quicker you deal with the issue the less damaging it is for business in the long run. Contacting the Data Protection Commissioner (DPC) is important as they are a governing body for issues like these. Failure to contact the DPC can result in a hefty fine and be damaging for business if the issue goes public.

Data Protection is vital for businesses to succeed and now more than ever it is important to have proper Data Security setup to prevent these kind of attacks. A confidential shredding service will provide your business with its Data Protection. Consulting with them about your Data Security would also be recommended.

Data Protection Commissioner Data Security Guidelines:

https://www.dataprotection.ie/viewdoc.asp?DocID=1091