Is it time to declutter your office?

Messy Desk

A cluttered office can negatively influence the drive and productivity of employees. Disorder also means that confidential information will be exposed very simply by just being left out where anyone can see.

An orderly office can actually enhance employee productivity as employees should feel more confident and in control.

Here are some tips to declutter your office space and better safeguard confidential data:

  1. Allocate specific space for personal items such as bags/coats etc. 
  2. Clear your desk and only have the absolute necessities for your workday within reach.
  3. Declutter by asking the question “Does this have a use?” and be brutal. If it does not have a specific reason to be there then clear it from your space.
  4. Do not stockpile items such as hard drives etc. When you get a new hard drive, destroy the old one.
  5. Have a specific place for incoming documents that require processing. Paper trays are useful for this.
  6. Organise all digital data into folders and categories too, a cluttered computer can be just as stressful as a desk full of papers.
  7. Schedule in a regular shredding service or request on demand shredding depending on how much paperwork builds up and how regularly.
  8. Sticky notes are super handy and I have to admit I use them all the time however where possible digital reminders for events and notes are tidier and more secure.
  9. Where possible convert your documents to digital format and put paper into protected consoles for secure destruction or locked filing cabinets when it is necessary to keep them.

Some People do thrive in the chaos and clutter however, most would say that a clean working environment equates to a tidy mind. Not only that, it is also safer for the protection of information within your company.

CCTV & GDPR

CCTV data destruction services

When we think of GDPR data protection, most of us have a tendency to consider organisations retaining specifics, such as our name, date of birth, address, financial details etc. But there is a manner of attaining data that is so prevalent we scarcely notice it anymore – CCTV.

If your company makes use of CCTV, you must know that the images compiled are categorised as personal data and subject to GDPR data protection regulations. In order to be GDPR compliant you need to have a clear policy stating the reasoning behind it, security, risk of theft etc. People need to be aware they are being recorded on CCTV so it is necessary to place signs in areas that are observed with CCTV.

Your policy should also include how long you intend to keep the footage for which is generally accepted as 30 days. If you need to keep it longer your policy will need to include why it is necessary for it to be kept this long. Here you can find detailed information on the code of practice for CCTV.

Eventually it will be necessary to delete old footage, your system will most likely have a setting that will auto delete over a number of days depending on what you set it to. However, if you decide to upgrade your entire system your hard drives will need to be destroyed as data can be recoverable long after it is deleted and removed from your system. This can be detrimental to your compliance with GDPR. I would recommend the use of data destruction services. Here at ‘Security in Shredding’ items received for destroying data are logged on our asset tracking software; our clients receive a comprehensive report during the invoicing stage in order for complete traceability. This will allow you peace of mind and keep your business at the highest standard of security and compliance.

Reducing the Risk of Human Error

Author: Videoplasty.com
Corporate Woman Being Stressed at Work.svg from Wikimedia Commons
License: Creative Commons Attribution-ShareAlike 4.0

Human error is a huge threat to any industry. It exists in all walks of life from the medical to the legal and service professions. Avoiding this one hundred percent of the time is unavoidable because at the end of the day we are all human, but there are strategies that we can put in place to limit it at all costs including the vital step of confidential shredding.

1.      Have centralised control

Don’t allow everyone and anyone easy access to your documents within the company. Have a specific information security officer who will be responsible for giving access to employees who request it.

2.      Train your Employees

Staff Training

There should be a standardised practice in place in which your employees are fully trained in. It is important that they understand the necessity for the secure disposal of documentation. Your policy should specifically address what needs to be disposed of and when it needs to be disposed.

3.      Locking Documents away

Anything that is to be kept needs to be kept in a secure filing cabinet or drawer. If the Employee has work to do the following day, documents need to be locked up and secured sufficiently. A general rule for your employees should be to never leave documents in plain sight.

4.      Email Correspondence

Sending Email

Accidentally emailing confidential information to recipients in error is such an easy mistake to make. It is important that your employees are fully alert and double check everything before they send. Always encourage your employees to recheck their recipients and ask themselves before they send ‘is this going to the right person/people?’ This should be included in their training and emphasised.  

Taking all these steps and shredding any data devices or documentation that is no longer required will ensure that human error is minimised as much as possible.

6 Habits that put your Data in Jeopardy

1.      Leaving documents on your desk

You may be leaving these out so that you remember to work on them in the morning however this is not recommended. It can leave you vulnerable to theft and at risk of information being misused. The best thing to do is to have a secure locker or drawer to put any documents you are currently using. When they are no longer needed don’t forget to use your secure shredding services.

2.      Using passwords that are too easy to guess.

Change Password

It can be difficult to remember all these passwords however using the same password for everything or using very basic passwords can be detrimental to the security of you and your business. Try to use a password which consists of at least 9 characters and combines upper case, lower case, numbers and symbols. Avoid writing passwords down anywhere as these can easily be misplaced and fall into the wrong hands. I use a password manager because I just can’t remember them all off the top of my head.

3.      Throwing out old mobile devices or laptops.

Even if you format your device the information can still be recoverable. These must not be disposed of incorrectly. You may need to use a hard drive destruction service or a digital data destruction service. 

4.      Delaying updates

Delaying Updates

I find I am always asked to do updates at the wrong time. It is always when I’m busy or engaged in something on my computer or phone that I am asked to do them. Regularly I am guilty of postponing these updates for any length of time. This is risky in both a personal and professional setting. When your device needs an update it is most often an update that deals with any security issues or threats. It is important to keep things up to date so you are protected to the utmost degree on your digital devices.

5.      Opening Email attachments from unrecognised sources

Sometimes these look like emails from legitimate sources and they may be attempting to trick you with a phishing scam. Recently I received one to my personal email about my Netflix payment not going through and could I please resubmit my payment information. My Netflix was due at that time and had I not been aware of what to watch out for I may have fallen victim to it. Usually the email address will give them away and won’t have the expected domain name of the business. They will often have spelling mistakes somewhere in the email or in the link if you happen to click on it before realising what it is. Only open attachments you are expecting and from sources you recognise.

6.      Throwing documents into the recycling bin or rubbish bin

Rubbish documents

If you do not dispose of your paper documents correctly, you are creating a massive breach in the security of your company. Recycling waste and rubbish are easily accessible to anyone. Information can be pieced together that can be dangerous for your business. It is also against the General Data Protection Regulation (GDPR) to dispose of this data incorrectly. 

4 Steps to Avoid Mistakes in Physical Data Management

Recently we have been discussing in detail the risks associated with digital devices and cyber security however physical documentation needs to be secure too and there are some measures you can put in place to ensure this is paramount.

Files

1.      Index your files

The majority of the files that your business will gather over time may never even be used or accessed after a certain length of time. Having an indexing system in place will allow you to keep track of each and every document, when they are received and what purpose they serve for the company. It will be convenient for finding and accessing documents efficiently.

2.      Retention & Disposal Schedules

Included with your indexing system you can schedule each documents lifespan. The recommended maximum time to keep most documentation is seven years however this will depend on the individual document. Therefore, when you index each file add an end date. It will allow you to quickly find anything you need. It will also assist you in removing the clutter of documents you no longer need and keep you compliant with the ‘EU General Data Protection Regulation’ (GDPR)

3.      Storage

Use document storage boxes which are secure and locked. Taking all of these precautions and then having a filing cabinet which is open and accessible to anyone and everyone will just undermine any security measures you have put in place.

4.      Shredding

Last but not least is your method of destruction once your documents have reached their use by date. You will need to decide what kind of service best suits you; onsite shredding or offsite shredding. Having your secure paper shredding service scheduled regularly can be convenient. Just contact us and we can discuss what option would suit you best.

Shredded Paper

Getting Ready for 2020

2020 is fast approaching. Rather than leaving things to the last minute, now is the time to begin your end of year clear-out. What needs to be shredded and what needs to be kept in storage? As a general rule, older archives past the 7-year date mark should be destroyed. This whole process can be overwhelming and time consuming however in order to keep the procedure as time efficient and simple as possible there are a few questions you should ask yourself.

Office Documents in Boxes
  • What is the type of data?
  • Why do you have it? Do you really need it? Is it easy to get that information again if you need it down the line?
  • Where is it kept? Is it kept in filing cabinets? Or is it digitally saved?
  • When was it acquired? Has it been over 7 years ago? Is it time to remove it from your records?
  • Who has access to it?
Organised documents

Answering these questions should provide you with the necessary solutions you need in order to keep compliant with the GDPR. When asking yourself these questions it is important to consider all forms of data; confidential paper, hard-drives and media devices, or branded products such as business cards or uniforms etc. Once all this is organised it is time to contact your trusted shredding company who can provide you with options for the certified destruction of your data.

The sooner you begin; the sooner you are ready for the new year.

Cyber Security – What can you do?

As important as ensuring your physical data is kept secure through a paper shredding service, digital data security needs to be managed. Everything in today’s world is online from business to leisure. Most of our days are spent connected to some network or another, in front of one screen or another. Data is our most valuable resource. For a business data is customer information which needs to be protected. Why would anyone choose to frequent a business or establishment that has zero ability to keep their information safe and secure? There are a number of things that can be done in order to ensure that this is achieved. Some may seem obvious and simple but may be the difference between success and failure.

1.      Firewall & Virus Protection

Always have a strong firewall and virus protection on your computers and devices that connect to the internet. A hacker is a person who uses computing devices to gain unauthorised access to data. If a hacker breaks through any defences you have, they not only will have access to what you do or say online but also to every file on your PC and every keystroke you make.

2.      Strong Passwords

Passwords should not be obvious and the best passwords are random letters and symbols. They shouldn’t be written down anywhere. It is also recommended to use a different password for every account or device you use. However, remembering all these random letters and symbols can be impossible for most people, password managers are useful in this situation. They pose their own risks too however.

3.      Avoid Public Wi-Fi

If at all possible do not use public Wi-Fi. It is not secure enough. When out and about its best to have Wi-Fi switched off on your phone, some phones scan for Wi-Fi networks even when it seems to be switched off so make sure your settings are all correct. However, bringing your laptop to Starbucks and conducting business can be comfortable and convenient on the go. If you really must use public Wi-Fi try to find a good VPN. A VPN will allow you to send and receive data across shared or public networks as if you are directly connected to your private network.

4.      Share less on Social Media

Sharing personal information on social media is a sometimes overlooked method of staying secure. While you may not post things such as your home address or personal email address, depending on your settings you may be revealing all of this information without even realising. Check your settings on whatever platform you use and make sure all your privacy settings are up to the standard you require.

5.      Hard-Drive and Media Destruction

Even when you have deleted a file or an app on your phone or PC that information still exists. Hard drives are recoverable even when they have been completely wiped. When you are destroying data devices formatting them just won’t cut it. Old and unused data devices should be destroyed through a hard-drive shredding service. Security in Shredding provide a nationwide Hard-Drive shredding service. This will cover the destruction of most media devices; phones, hard-drives, USB sticks, CD’s, floppy discs etc. Just throwing these out as they are will make you vulnerable.

Why I need to Shred – Shredding Company or In-House?

Why do I need to Shred Data?

On the 25th May 2018 a new law came into play, The General Data Protection Regulation (GDPR) affecting businesses of all shapes and sizes.

All business, Irish Business or International generate and process data through their operations. This data has to be created, managed and destroyed (i.e. Through a Paper Shredding Service, In-house Shredding and/or Hard-Drive Shredding Service).

The GDPR splits data mainly into two categories;

Personal Data (i.e. information which can directly connect to or identify a living person such as; name, phone number, medical history etc.)

Special Category Personal Data (i.e. personal data in relation to; ethnicity, political/philosophical opinions/beliefs, religion, mental health, criminal records etc.)

Each of the above categories have specific requirements when processing such information. This means it is important to know what category you are processing.

Enforcement Authority

Each EU state has an independent public authority accountable for enforcing the implementation of this regulation. This is the Data Protection Commission in Ireland.

The GDPR harmonized the rules to how data is to be managed in order to protect individuals. The management includes, the gathering/creation of the data through to the final destruction/disposal of the data through a paper shredding service or IT Asset Disposal Service.

Paper Shredding, Data Management, GDPR, Onsite Shredding Service, Shredding Service

There are serious implications that can occur if a business does not follow the GDPR requirements. It may be a warning or  a large penalty of at least 4% of your annual global turnover or €20 million – whichever is higher. Compliance is essential.

Shredding Service Industry Associations

There are many associations across the world for Shredding Companies to become a member. This provides peace of mind for individuals as the Association can apply guidelines for their members to be compliant with International Legislation.

Length of Time Storing Data Prior to Secure Shredding / Data Erasure

Information must be kept for as little time as possible. It is important to take into account why your company needs to store this data; is there a legal obligation? A system should be put in place with time limits/reviews and updates to out of date information/data.

To summarise, you need to shred/destroy out of date records/files/documents because it is the law. In order to be fully compliant it is invaluable to use a quality certified destruction service that will not only ensure all data is eradicated but will also provide compliance certification for your records. This will be invaluable when proving that your company/business is fulfilling their obligation to the GDPR.

The law is reason enough to shred on its own but how do businesses know what service best suits them? In our upcoming blog posts I will be discussing different types of shredding, what makes the shredding company you choose legally compliant and if onsite or offsite shredding would work best for you?

For Further info – please contact the team at Security in Shredding info@securityinshredding.com