Minutes To Happen & Weeks To Realise; Data Breaches

Phising Most Common Data Breach

At Security In Shredding we ensure that all data processed by us is confidentially and securely destroyed. Data destruction is vital part of business practice. Data security is paramount to us and the success of a business. Preventative methods to improve your data security comes in many forms. IT security is an area that can overlooked due to newer technologies and people not aware of IT pitfalls.

A report from Siliconrepiblic writes about a common data breach method and is important that people are aware of such an attack. Knowing these potential risks is important is today’s high tech world. The article writes:

“Phising” What Is It ?

A Google search will give you the following definition:

“Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.”

Phishing is still the No 1 cause of data breaches and hackers are getting faster at breaking in, but firms are struggling and usually only find out weeks and even months later they have been breached, according to the 2016 Verizon Data Breach Investigations Report.

According to the report, in 93% of cases it took attackers minutes or less to compromise systems.Meanwhile, it took companies weeks or more to discover that an incident had even occurred.Worse, it was typically customers or law enforcement that sounded the alarm and not the organisation’s security measures.

‘A test we ran last year found that 23% of people that opened a message went on to open the attachment. In our latest report that has increased to 30%’
– LAURANCE DINE, VERIZON

According to the report, most reasons for breaches are money-related and cyber-attackers are indiscriminate and motivated by greed rather than revenge or some crusade.

Gone Phishing, Gone Data

Laurance Dine, managing principal in charge of investigative response with Verizon, told Siliconrepublic.com that phishing is still the chief method hackers use to attack organisations.

The report found that, in 2016, some 63% of confirmed data breaches involved leveraging weak, default or stolen passwords. Passwords such as “123456” and or “password” are used more often than you think 39% of breaches originate from victims’ own work areas and 34% from employees’ work vehicles.

Some 70% of data breaches involving insider misuse took months or years to discover.The report also revealed that new technologies like mobile and the internet of things are providing hackers with more ways of breaching an organisation’s systems.The industries most affected by data breaches are the public sector, healthcare and information.

Dine told Siliconrepublic.com that the data information was gathered from more than 67 partners worldwide and involved the analysis of 2,260 confirmed data breaches.

“There is still a serious information deficit when it comes to attacks. Attackers are getting into environments in minutes or days and it could be months and years down the line before anyone is aware of it and they usually hear it from law enforcement.

“Phishing is still the principal method of attack. A test we ran last year found that 23% of people that opened a message went on to open the attachment. In our latest report that has increased to 30%.”

“But if you are after the low-hanging fruit, the No 1 motivation for data breaches is still financial. Any data worth any value is a target.”

Read Siliconrepublic full article here: https://www.siliconrepublic.com/enterprise/2016/04/25/verizon-data-breach-report-2016

At Security In Shredding we strive to ensure that all documents and its data is processed securely destroyed on site or off site. Confidential shredding services are available throughout Ireland and we regularly operate in the Dublin, Galway, Limerick, Cork areas. Please visit: https://www.securityinshredding.com/

 

10 Threats Against Data Security For Small Business

privacy-data-security

Bigger companies incorporate off site data destruction practices, small businesses often don’t have the financial resources to house large scale IT departments, purchase the latest and greatest technology or invest into data security.

Many a cash-strapped small business finds itself operating its critical systems on computers that are old, slow and often times insecure. This leaves them susceptible to a wide array of security pitfalls and privacy threats, including data leaks and identity theft.

Fortunately, beefing up your security doesn’t necessarily mean draining your bank account. There are many inexpensive options to improve the security of your small business and protect your information.

Geoffrey Arone, serial entrepreneur and co-founder of SafetyWeb, gave his take on 10 very real threats facing small businesses and how they can be addressed in ways that are free or inexpensive.

1. Data Breach Resulting From Poor Networking Choices
Enterprise-level networking choices that are found in large IT departments around the world carry costs that price small or medium businesses out of the market. SMBs that have networks often use networking devices targeted at home users. Some may forgo the use of routers at all, plugging directly into the internet.

Business owners can block most threats by using a quality router, like a NETGEAR or Buffalo brand router, and making sure to change the router password from the default to something more secure.

2. Data Breach Resulting From Improper Shredding Practices
Trivial as it may seem, dumpster diving identity thieves target businesses that throw out paperwork without shredding it. Your small office shredders will NOT suffice for a secure document destruction, but a industrial paper shredding company is a wise investment if private or sensitive information is printed and shredded daily.

3. Identity Theft Resulting From Public Databases
Individuals, especially business owners, often publish lots of information about themselves in public databases. Businesses are registered with governments, telephone numbers are in the phone book, and many individuals have social media profiles with their address and date of birth. Many identity thieves can use information obtained across various public forums to construct a complete identity.

4. Identity Theft Resulting From Using A Personal Name Instead Of Filing An OA
Sole-proprietors that have not registered a business name to receive “operating as” designation are at a far higher risk of identity theft due to their personal name, rather than their business name, being published publicly.

5. Tax Records Theft Around Tax Time
Businesses should ensure that tax returns are dropped off at the post office and refunds are collected promptly from the mailbox. Identity thieves often steal tax returns from an outbox or mailbox.

6. Bank Fraud Due To Gap In Protection Or Monitoring
Business owners know that it is vital to balance their accounts every month to ensure that checks are not being written out of business funds by embezzlers, but many businesses rarely, if ever, check what kind of credit accounts have been opened under the business name. Monitoring services like myID.com can alert business owners when new credit accounts are opened fraudulently.

7. Poor E-mailing Standards
Many businesses treat e-mails as confidential communications, but this is far from the case. They are available to a number of people other than the recipient. It’s more appropriate to treat e-mails as postcards, rather than sealed letters.

8. Failing To Choose A Secure Password
In fact, many security experts are recommending the use of a pass phrase, rather than a pass word. Pass phrases are several words long, at least three, and are far more secure than passwords. A pass phrase like “Friday blue jeans” can be typed far quicker than a complicated password, and it doesn’t need to be written down on a post-it. The length of a password increases security.

9. Not Securing New Computers Or Hard Drives
Businesses that had their IT system professionally installed may opt to upgrade a computer or two by themselves. This is strongly discouraged on a business network, as new computers must be professionally secured or else they pose a serious threat and an entry point for hackers.

10. Social Engineering
Social engineers are individuals that call and claim they are from another organization. They may even claim to be with a firm that a business owner does business with. If someone you do not know calls on the phone, be sure that it is the person you think it is before revealing passwords or confidential information.

For more information on a paper shredding or confidential document shredding service in the Cork, Limerick, Galway and Dublin area, please visit: https://www.securityinshredding.com/

Like, Subscribe and Follow us on Twitter: @Securityinshred

Addressing Incorrect Data Destruction Habits

Data Protection, Paper Shredding, limeirck paper shredding

Shredding confidential paper in a business must be done and there are legislations in place to protect against data breaches. Failure to enforce these laws or inadequate data protection in place by a business will result in a hefty fine of up €100,000.

Human error is is arguably the biggest cause of data breaches are caused by employees and contractors. Human error is not solely to blame. Even high profile hacking cases involve employees inappropriately clicking on links and allowing the bad guys in. It is quite easy with a little bit of know how you can be easily tricked and baited into clicking a malicious link that will cause a data breach.

When it comes to proper data destruction, or avoiding data breaches due to improper destruction of data and confidential information. It comes down to employees knowing the dangers and pitfalls of potential data breaches within the office. Despite any amount of training, however, there is one lesson too many data controllers have learned the hard way. In order to maximize compliance, proper disposal of information has to be easy for the employee.

Some organisations might require employees to use a shredder in the copy room which is not easy. So much so that it is not even reasonable to think they will consistently do it. Whether because of carelessness, workload issues, pressures outside work, or laziness, compliance failure is inevitable. Nor is it reasonable to give employees the discretion on what is destroyed or options on where information-bearing media should go. Whenever a recycling bin is next to a shred bin, it is easy to find confidential information in the recycling bin. Making this process as easy as possible for our customers is recommended. We clearly have each console labelled so our customers know exactly what we can and can’t take in our locked consoles. We provide staff awareness days to help businesses improve their data security.

Data Protection, Secure Paper Shredding

The same goes for IT asset disposal. Since employees are less likely to toss out computers, it can be less of an issue. However, leaving the decision to the IT department instead of dictating the procedure through security and compliance can cause a problem. With electronic storage devices there is no true way to destroy the data using software. A physical destruction of the device must be done to ensure data destruction.

Educate and Awareness for you and your employees benefits with proper data destruction. Contacting a Secure Confidential document destruction service to incorporate into the business practice will improve your data security and destruction.

For more information on a secure document destruction service in Ireland, then please visit: https://www.securityinshredding.com/ or

please like, share and follow us on Twitter: @Securityinshred

Adopting A Secure Document Shredding Strategy For Business

 confidential shredding, clean desk policy

A secure document shredding policy is integral to any business and protecting customer data is legislative. The Data Protection Commissioner implements the provisions of EU Directive 95/46. Not only are these regulations that require businesses to shred documents securely, but it is also part of running a business and maintaining a positive business reputation.

Why Businesses Need To Securely Destroy Documents?

Every day, companies create paper documents and these documents require shredding. Practically any document that contains data and especially sensitive data needs to be shredded. In particular data containing the following would be regarded as sensitive data:

  • Person’s Name
  • Address
  • contact information
  • Account Details
  • Credit Card Details
  • Budget Reports
  • Medical Reports
  • Payroll information
  • Legal contracts
  • Receipt Information

This is a snippet of what data to shred any and all documents should be securely destroyed by a secure document shredding service.

How This Data Can Be Used Against You?

Not only is forgery and fraud a major issue but also there is of course the potential for bad publicity, loss of customers and lawsuits to name but a few of the dangers. Identity theft is a common issue with data breaches. Criminals will use this data to either make purchases or obtain more data under the pretence of your name.
It is important that all businesses shred or destroy certain sensitive documents. Law enforcement, legal industries, government agencies, banks, health care providers, insurance providers, financial brokers, and real estate are just a few industries where managing paperwork is crucial.

How To Manage Business Documents Safely & Effectively?

A detailed security policy for every type of document your business handles is essential and employees need to know these policies before starting work.

For example:

What are the shredding requirements for the various document types that your company frequently uses? What are employees allowed to photocopy? Incorporating a reputable Confidential Shredding Company that has a good track record. While also training employees about the correct method of destroying sensitive documents and ensuring correct secure policies about how long to hold and when to destroy documents.  Access to company records should be controlled and restricted to a small number of trusted individuals and there should be rules relating to access of these records. A notification or logging system can also be in place to account for what and where data is being used.

At Security In Shredding we operate throughout Ireland and frequently do business in areas of Dublin, Galway, Limerick, Cork and Waterford areas.

For a more information on Shredding confidential paper Services & data destruction service, please visit: www.securityinshredding.com

Like, Subscribe to our Twitter: @Securityinshred

5 Reasons to Hire a Data Destruction Service Provider

Media Destruction Data Protection

Confidential shredding is available in the Limerick area provided by Security In Shredding. Incorporation a data destruction service into your business practice is beneficial for your data security and data protection. While also being a good recycling practice.

Top 5 reasons why you should hire a Data Destruction company such as Security in Shredding:

  1. Data Security

In order to protect confidential information and reduce the risk of a data breach, Security in Shredding advise to outsource data destruction requirements to a professional, certified service provider. All data containing personal information must be securely destroyed when it reaches its end of life.

“An office shredder simply can’t provide the same security as a professional company. A reliable document destruction company provides a secure chain of custody, from the time the documents are collected, through to shredding using cross-cut shredders, and ends with” a Data Processing Certificate after each service delivery.

  1. Compliance

It is not just simply destroying documents that are no longer needed, but it is both best practise and it is in Data Protection Legislation.

data destruction and collection service

  1. Saves Money

By outsourcing your data destruction requirements you are cutting out the cost of purchasing an in house shredding machine, maintenance costs resulting in saving money. You are also reducing the amount of employee down time spent on the shredding of data resulting in the employee being 100% focused on their own job.

  1. Convenience

A renowned shredding company will provide the client with lockable receptacles and locate them in suitable and convenient locations around the building. These locations will be previously identified with the client to ensure the employees have ease of access to place paper data awaiting destruction.

At a prearranged date and time Security in Shredding will arrive on site and remove and replace the receptacles of paper for destruction with little or no disruption, for shredding.

  1. Additional Services

There are a number of other mediums of confidential data that needs to be destroyed. Out of date PC’s, e-data carriers and storage devices also require destruction when the data on them reaches end of life. Research has shown for example that wiping a hard drive is not a guaranteed method of destroying the e-data contained within but physical destruction is the most reliable method of destruction of data. You have total peace of mind that the data is 100% beyond reconstruction.

For more information on a data destruction and media destruction service, please visit: https://www.securityinshredding.com/limerick-shredding-services.php for more information. We are also available throughout the country along with Limerick our paper shredding is available in the Dublin, Galway and Cork areas.

Follow us on Twitter @Securityinshred and please like, subscribe and share.

How to incorporate Recycling into Data Management Security

Improve Office Environment Usage

Many organisations are unfamiliar with how to incorporate methods of recycling in the workplace whilst maintaining Data Security. Shredding companies in Ireland can provide you with a recycling service for your business.

Security in Shredding recommend to have the following;

  • All open and unsecured paper recycling bins in the workplace replaced with Security in Shredding’s lockable office friendly consoles. The benefit of using these consoles is that you know your confidential documents are safe from prying hands and eyes. Your documents cannot be retrieved as the consoles have bevelled slots.
  • Each and every desk should have a specific paper waste bin that is used only for office paper waste. At the end of each employee’s working day, the employee takes the waste paper bin to the lockable console and empties the contents into the console. If an Organisation implements and enforces this process, it will greatly reduce the risk of a possible data breach. As many data breached are as a result of human error, the employer is not relying on the employees to distinguish the confidential paper from the non-confidential paper. This Policy is call a Shred-All Policy.
  • A service provider that employees security-vetted staff to conduct service deliveries. The client has assurance that the personnel whom handle the confidential documents have received extensive security awareness training and have a great understanding of Data Protection Legislation.
  • A service provider whom provides its onsite and offsite shredding services via shredding technologies that are certified to Shred No. 6 of the EN 15713 shredding standard. The benefit of having a Data Destruction Service Provider whom is certified to this shredding standard is that you have total peace of mind and you know that the shredding service is off its highest level.
  • The vast majority of organisations are Data Controllers. Therefore these Data Controllers should most certainly use a Data Processor to processes its confidential data when I reaches its end of life. A Data Processor should issue its client a Data Processing Certificate detailing the quantity of material destroyed, the material type, date of destruction, name and location of the client and the shred number and shredding standard the material was shredded to. The certificate is proof of destruction and allows the client to keep track of data destruction for compliance and other data management purposes.
  • Security in Shredding transport all destroyed paper material to licensed and permitted recycling facilities. The paper material is sent to paper mills. Printing ink is removed and the material is turned into pulp and it is then used to manufacture new paper products. An interesting fact; one tonne of recycled paper saves 17 mature trees and reduces carbon emissions.

By implementing these changes you are contributing to making your organisation greener and whilst increasing the level of data security. For more information on a paper / document shredding service please visit our site for more information.

www.securityinshredding.com 

The New European Data Protection Legislation

“Cannot be ignored by any business.”

Security In Shredding on site service

At Security In Shredding when shredding confidential documents we must comply by the EU standards. These standards along with the Data Protection Commissioner ensures that our work is done to the highest quality. Security is paramount and failure to comply with these laws can result in a hefty €100,000 fine. These laws also apply to all business that handle sensitive data.

The EU Data Protection Rules that are expected to come into force in 2018 will have an effect on all business and cannot be ignored according to legal experts in the field. The final text was agreed upon in December 2015 after years of negotiations and analysis.

The new regulation is aimed at harmonising the European Data Protection Legislation and reforming the outdated EU directive on Data Protection and replace all inconsistent laws across the European Community.

Even though the digital economy is at the core of this new regulation it is ESSENTIAL to note that physical data is also covered and holds the same fines and penalties which are described below.

One of the most eyebrow raising and awakening points from the new regulation is not only that it gives rise to increased compliance requirements but breaches in compliance are backed with heavy financial penalties which have turned out to be up to 20 million or 4% of annual turnover, whichever is the greater.

The journey to compliance

From the experts here at Security in Shredding; Organisations approach to comply with the GDPR will need to include three key components; These are:

#1) a compliance journey

#2) a transparency framework and

#3) enforcement, sanctions and remedies framework.

The compliance journey requires Organisations to classify the personal data in their possession; complete risk assessments; apply privacy protections into all existing and new business operations; employ and empower dedicated data protection officers; monitor and audit compliance; and document everything they do with data and everything they do to achieve legal compliance. All data stored electronically and physically will have to be managed appropriately. Waste paper will have to be destroyed through certified data processors and not enter general waste streams.

The new transparency framework will mean that Organisations need to redevelop how they engage with external people including all external vendors that process material for them, service such as paper shredding, external invoicing, digital data destruction and marketing will all have to review how they process information and give clear and full information on what is happening to personal data.

The new enforcement, sanctions and remedies framework will give appointed data protection officers high authority to make decisions for the protection of personal data and achieve compliance for their Organisation.

Please visit our site for more information on shredding confidential paper.

Join in on the conversation on Twitter @securityinshred

 

 

Common Mistakes Businesses Do When Maintaining Security Of Sensitive Data

Answer;              

Not properly classifying the sensitive information, managing it accordingly and in turn protecting it against current threats.

 

Secure Paper Shredding Hard Drive Shredding WEEE Destruction

 

As you read this from your mobile, tablet and or computer you are viewing data digitally. Paper shredding in Ireland and industrial paper shredding services offer data protection services for said devices. Knowing technology pitfalls is a massive part to data protection while also knowing how and when to share your digital information must also be considered.

There are three critical points to the proper protection of sensitive data.

  1. Data Classification

In line with European Standards; Companies must understand what data needs to be protected and create a Data Classification Policy. This policy in turn will classify data based on sensitivity. At a minimum three levels of data classification are needed.

    • Restricted: This information requires very high protection, Unauthorised dissemination would have serious terminal consequences for the company and infringe trade confidentiality obligations, contracts or laws. It is essential that the confidentiality of personal data is maintained. Otherwise there is a risk to the health and safety or personal freedom of the affected persons.

All data that reaches its end of life should be destroyed to a minimum of Shred No.6 of EN 15713 to ensure destruction beyond reconstruction.

    • Confidential or Private: This is moderately sensitive data that would cause a moderate risk to the company and could infringe legal obligations or laws if compromised. Access is internal to the company or department that owns the data. There would otherwise be a considerable risk to the social standing and financial situation of the affected persons.

All data that reaches its end of life should be destroyed to a minimum of Shred No.4 of EN 15713.

    • Public: This is non-sensitive data that would cause little or no risk to the company if accessed. Access is loosely, or not, controlled.

All data that reaches its end of life should be destroyed to a minimum of Shred No.3 of EN 15713.

 

  1. Encryption – All Organisations should have an encryption strategy in place to ensure all staff are aware and capable of utilising it correctly. The essential element to a good encryption strategy is to use strong encryption and detailed key management.

 

  1. Cloud Misuse – Essentially cloud storage translates to storing your data on someone else’s computer. When it is uploaded, the control over it is no longer only yours. Encryption should always be implemented prior to uploading to the Cloud. It is always advisable to read through the cloud providers policies with regard to handling data.

 

The most important thing for business is to be aware of the technology pitfalls. Secure document destruction in Ireland and its data protection laws are different to other countries. While the laws may be different country to country, the method of data breaches are usually the same. The more you know the better you can protect yourself and business from data breaches.

For more information on a secure document shredding service in the Dublin, Cork, Limerick or Galway area please visit: www.securityinshredding.com

Feel free to join in on the conversation @securityinshred

Top 5 Workplace Security Tips

secure data, workplace security

Workplace Security does not just mean a simple office shredder. Data Protection comes in many forms and is worth knowing these methods.

Data Protection is an important part of business practice. Paper shredders are often used to shred confidential documents. Your standard office shredder does not provide adequate security when shredding. An Industrial paper shredding service will provide a secure document destruction method for your business to use.

Along with paper shredding, there are many other forms of security you and your business can incorporate into everyday practice. We live in an age where data breaches are becoming more and more common which makes protecting this data ever more important. Digital data is now an area of protection and is often overlooked. These over sights is what cyber criminals will prey on and thus a Data Breach will occur causing severe damage to your business reputation.

 

Tip 1: Outsource your secure and confidential document destruction requirements to a certified professional Data Processor whom is reputable and reliable.

Tip 2: Enquire with your current data destruction provider about their e-media services. Hard drives and other types of media should either be shredded or crushed to ensure all the electronic data is securely destroyed and beyond reconstruction. If your service provider does not provide same, contact a member of our team whom are more than happy to help with your enquiry.

Tip 3: Choose a Service Provider that uses secure certified document destruction technologies, lockable consoles and/or locked 240 Litre wheelie bins, issue Data Processing Certificates and operate with a secure chain of custody.

Tip 4: Appoint a Data Compliance Officer in your Organisation whom is responsible for ensuring compliance regarding the correct management of both paper data and digital data within an organisation.

Tip 5: Conduct regular staff refresher training days regarding the importance of information security and the processes associated with same. Have training material prepared and on hand for induction training when new employees begin.

 

For more information on paper shredding and confidential document destruction in Ireland please visit: www.securityinshredding.com

Firms Not Insured For Data Security Breaches

Security in Shredding Data protection & destruction

This topic is becoming more and more common. Shredding confidential paper is widely accepted practice for Data Protection. At Security In Shredding we understand the benefits of document shredding.

We also believe in have a proper digital data destruction system in place for your business. The Data Protection Act requires you to ensure your data is maintained and is not vulnerable to Data Breach.

A recent report from Risk:Value NTT Com Security, questioned 1000 non IT-Business across the UK, USA, Germany, Switzerland, Norway and France asking if they had insurance to cover data security breaches. 1 in 10 had data protection insurance.

With the increase in Cyber attacks globally and small businesses are targeted. It not just activists attacking multi national corporations. Any business if vulnerable may be attacked. It pays to have the adequate insurance in place. Now more than ever does this kind of insurance become applicable. With mobile devices, tablets and hard drives widely available, people are not as aware of the pitfalls of these devices regarding Data Security.

An Insurance policy will help against Data Leaks and Breaches. Data Protection methods must be in place as there may be certain criteria in place to be covered by the policy.

Risk Management Policy

Having an insurance policy in place is fine nothing wrong with it but Data Security comes down to your business having security measures in place that prevent data breaches. How your business handles sensitive data and who has access to it must be business practice.

The disposal of data must also be considered, a confidential document destruction service can be incorporated. These services can be availed on site or off site with collection available. Depending on your business location will effect what type of service is used but confidentiality is paramount when operating.

Digital devices should be password protected and encrypted where available. Sending emails and texts can now be encrypted end to end which will improve your Data Security in public areas. Whatsapp a free SMS messaging application that offers encryption which is a simple but easy protected communication service.

When devices are no longer in use it is recommended that these devices are destroyed if they are no longer in use.

Document Shredding Services Ireland

At Security In Shredding we offer secure shredding service for your Data Protection needs. Please Like, Subscribe and Comment to our blog.