7 Questions Dealing With Sensitive/Personal Data

privacy-data-security

We live in a digital information age and how this information in gathered and viewed is through mobile or electronic devices. On site document shredding services will handle your paper data and also digital media to be destroyed securely.

Cyber liability, cyber security and information governance are terms that managers and directors are aware of due to high-profile data security breaches in recent events (“Panama papers”). Mason Hayes & Curran covers the critical questions these companies need to be asking.

In an increasingly interconnected world, with the expansion of the internet and development of the internet of things (IoT), there has been a corresponding increase in the vulnerability of information systems to attack.

The Cyber Security for Directors app with the Institute of Directors in Ireland has released an app to help heads of companies to understand their responsibilities regarding digital data security.

The app details the various types of cyber liability and cyber risks, while drawing together the key areas for directors to consider. It also outlines both proactive and reactive strategies to manage cyber security. The app is available on Android and iOS.

Technology has rapidly changed over the past 20 years and continues to grow. People’s reliance on digital devices both for storage and transmission of data, is making data breaches all the more damaging to organisations. How a mobile device operates both the front end (you) and back end(server) is not that transparent unless you have a good understanding of data transfers.

Knowing how this works is not essential but can make it easer to understand where the pitfalls lie within a device will benefit data security.

Where there is liability, there is a corresponding responsibility for that liability. As the duties of directors come increasingly under the microscope, it is clearly in the interests of directors to ensure that they understand their responsibilities in this area.

Below, we have outlined the key questions that directors should ask in relation to the collection and processing of data

1. Are we being transparent?

Data must be obtained fairly and the company must be transparent about the reason the data is being collected and the purpose for which the data will be used. Data must not then be put to a further incompatible use.

2. Do we have consent?

Consent is usually, but not always, required. If the information is non-sensitive, there can be implied consent. If the information gathered is sensitive (such as relating to an individual’s health, race, sex life, religious beliefs or trade union membership) then there must be explicit consent.

3. How long are we retaining data for?

Personal data can only be stored for as long as is necessary. There should be no retention of data ‘just in case’.

4. Are we collecting unnecessary data?

Data should only be collected if necessary. There are PR risks to any company if data is collected and stored unnecessarily.

5. Are we keeping the data secure?

You must have appropriate security measures to protect any data you are storing. Take into consideration the state of the technology you are using, the cost of implementation and the nature of the data and potential harm if a breach occurs.

6. Are we giving the data to third parties?

Are the third parties controllers or processors? In other words, on whose behalf will they use the data? If they are controllers, you will likely need consent for collection. If they are processors, special written contract terms are required.

7. Is the data leaving Europe?

If collected data remains within the European Economic Area (EEA), transfer issues do not arise. If the data is to be transferred outside the EEA then safeguards are required unless it is an approved country, eg Canada.

Check out www.mhc.ie for more information on Tech law.

Industrial paper shredding and media destruction are performed securely and confidentially by our team at Security In Shredding. For more information on our shredding or destruction services please contact us.

 

Summer Holidays? Tips to Maintain Data Security When You Work

data security when on holiday

Who doesn’t enjoy a holiday or time off. Scheduling a paper shredding service before the holiday or time off is recommended. This will help give a piece of mind that you are protecting your data and let you enjoy your holiday.

In today’s world employees pack their work tablets and have their smartphones with them when going on vacation/ holiday.

There are a number of employees who don’t like to fall behind in their work and like to stay connected wherever they travel to. This is possible due to the ever improving technology of wireless internet, smartphones, laptops, and tablets. These technologies have made it increasingly easier to work from home and from the side of the pool!!

But organisations may forget the importance of data security regarding these mobile devices. Many organisations have policies in place where by employees BYOD (bring your own device) and this permits the employee to use one single device for both work and personal purposes.

The upside is while employees remain productive outside of the office 24/7, the downside is that they can access corporate data from anywhere. The negative impact this will have is it increases the risk of data breach incidents and has created a whole new area of information security policies.

Security in Shredding have a few tips to ensure the confidential business information employee’s work on outside of the office remains secure;

  • Implement a Bring Your Own Device Policy and by doing so you are creating a culture in your organisation.
  • Implement a schedule regarding the organisations protection software whereby on set dates throughout the year the software is updated.
  • “Provide employee training and regular refresher training regarding information security best practises outside the office.”
  • Prior to leaving the office for a vacation, ensure to only take documents that are extremely necessary regardless of a hard copy of digital copy.
  • Only under extreme circumstances should you print confidential documents from electronic means outside the office.
  • If one must print off a hard copy, ensure that all documents are securely destroyed. At mentioned earlier scheduling a paper shredding or bag collection may be needed.

You can speak with a member of Security in Shredding’s Data Management Consultants for further information. Our mobile paper shredding service is available for scheduling.

 

8 Benefits For Responsible Document Shredding

confidential shredding, clean desk policy

At Security In Shredding our mobile paper shredding units are available and comply with data protection laws. Outsourcing an industrial shredding service will ensure your data security is maintained and securely destroyed.

Businesses, organisations and Institutions and people alike have fallen victim to identity theft and scams because of loss of information that a person used off of a stolen document. A person or employee must follow a correct procedure in the way they destroy paperwork with any kind of information on it (sensitive or not) in order to protect their customers. The list below are eight benefits that happen when a company performs document shredding.

8 Benefits of Responsible Document Shredding

  1. Document shredding gives company owners and customers a peace knowing that their information has been destroyed the right way.
  1. Shredding responsibly gives people the option of having the process taken care of by a third party. In some cases there is no need to buy expensive paper shredders if there is a company that can come to your job site and take care of the process for you. Most office shredders do not provide a secure data destruction.
  1. Shredding and then recycling paperwork keeps the landfills from filling up sooner than it should. Paper is one of the most used materials in circulation. Just about every house and company throws out paper on a daily basis. By shredding paper landfills will be around for trash that cannot be recycled for a longer period of time.
  1. In some cases shredding of personal information keeps a company compliant with Data Protection Laws in Ireland. The Data Protection Commissioner provides useful information about how to destroy or handle personal information.
  1. It gives customers and business owners an unspoken bond of trust knowing that they are looking at for the well fare of each other.
  1. From an environmental standpoint document shredding protects trees from being used for new paper products.
  1. Document shredding also provides a safe and clean way of waste disposal. A clean desk policy can help reduce having a bunch of loose papers sitting around the office taking up space.
  1. The process gives you the joy of knowing that you are doing your part to protect the environment and the personal lives of your customers. Companies that go out of the way to protect their customers will find loyalty and more sales because they are a trusted established business.

Security and Compliance are important words for us at Security In Shredding. Document shredding services are available both on site and off site. For more information please visit our site.

What To Keep & What To Shred: Document Retention Policy

Data Retention & data destruction

At Security In Shredding, document shredding is done with confidentiality and security is paramount when carrying out data destruction service. Data breaches occur when people are negligent or not aware of a breach. The most recent high profile story being the “Panama Papers” leak.

The Panama Papers is the latest mega data breach where millions of confidential documents from a Panamanian law firm were leaked, exposing offshore bank accounts – and possibly tax havens – for wealthy clients.

In light of this recent breach “I think we need to change the fundamental design of the way each and every document is created and managed,” –  commented Bill Anderson of cyber security company OptioLabs, in a cnet.com story about the Panama Papers.

While there are many aspects to data security, a sound document retention policy is one of the most important. Knowing what confidential documents to keep and which ones to permanently destroy should be of concern to everyone. Maintaining a clean desk policy will also help minimise the risk of confidential documents getting lost with other data.

This high profile case may sound like it won’t happen to you but the chances are that the data breach occurred by improper use or destruction of a data. All it takes is one wrong move for all your data to be accessed.

Below are some document retention policy guidelines to help keep your information secure.

  • Information Audits: Use audits to identify the types of documents the business produces, and to create an inventory and keep it updated.
  • How Long To Keep Tax Records? There are two parts to data retention: how long documents will be useful to the business, and how long they must be retained based on government and industry requirements. Checking with Revenue.ie on how long to retain your tax returns.
  • Fines – either way: While it’s law to keep certain documents, if you retain a record for too long you might also expose yourself to litigation risks and fines. Like most privacy laws, Data Protection Act compliance stipulates the record must be securely disposed of when the official retention period is over.
  • Emails: Records are paper files, digital documents, and correspondence including emails. According to wired.com, the Panama Papers leak included more than 4.8 million emails (as well as 3 million database files and 2.1 million PDF’s). If emails aren’t part of an important business or legal use or not subject to regulatory compliance, delete them within the appropriate time frame.
  • Controlled Access: Index all documents for easy retrieval. Store in a secure, locked location and/or in a password protected file. Control who can access sensitive documents and logging when this information has being accessed. Storing unwanted documents increases the risk of a Data Breach and adds to clutter.
  • Secure disposal: The only acceptable way to discard paper or digital documents when they are no longer needed is to completely destroy them. Industrial Shredding companies can dispose large quantity of documents, and outsourcing eliminates risk. Partner with a reputable shredding company that has secure chain of custody processes for information destruction. A Certificate of Destruction will document compliance and should be issued after every shred.

At Security In Shredding data security is equally important as confidential data destruction. An on site service or off site service is available throughout Ireland. Please visit our site for more information.

4 Reasons Why A Paper Shredding Service Is Needed

Security In Shredding on site service

Paper shredding or document shredding is vital for protecting confidential and sensitive information / data. Most of us create and keep files with sensitive data; examples of which are bills, financial statements, marketing plans, employee files, and even delivery packages. Industrial shredding services are used by Government offices, non-commercial organizations, small and large businesses, and private citizens. These document shredding specialists will shred the documents securely beyond recognition.

1. Compliance With The Law

We all have the right to protection of personal information. The Data Protection Commissioner was put in place to enforce the obligations of businesses to protect data. Failure to comply, as there are laws that penalize improper disposal of documents with sensitive and confidential content. Businesses and Organizations that hold personal data but neglect to protect it face financial and legal consequences. Employers for example use paper shredding services to get rid of employee files which are no longer in use.

2. Positive Recycling Habit

Reducing the amount of paper used in an office is a good reduction method, while reduction also ensures that there is less of a chance data breaches from misplaced documents. The paper and documents shredded by a mobile paper shredding service will be put into a compost heap and reused at a later stage. This creates a good recycling method for your business and benefit the environment overall.

Data Protection, Paper Shredding, limeirck paper shredding

3. Preventing Identity Theft

Without shredding or destroying documents before disposing them, Identity theft is a possibility. All it takes is someone to simply look into a bin and grab what they can. With data now widely available is now more of an issue. Any data is far better shredded before disposal, all it takes is one piece of information in the wrong hands for a data breach to occur. These breaches are damaging for a business or organisations reputation.

clear out paper shredding

4. Eliminating Clutter & Hazards

Papers occupies space and cause clutter and increase the risks of fire. Once a document has served its purpose, offices need to constantly get rid of these papers as part of an organization-wide records management system. A paper shredding policy within an organisation for when to retain and destroy documents will help an employee to take care of the proper disposal and destruction of paper documents. However shredding services are available throughout Ireland and hiring a industrial paper shredding company is more cost effective.

Document shredding is important part of business practice. Mobile paper shredding services are available. Along with an awareness to data breaches and compliance with the law will ensure data security.

Security In Shredding provide high quality secure shredding services. They provide a Confidential Waste Disposal service both on site and off shredding available. If you are in the Limerick area then please visit our Limerick page for more details.

5 Best Practises Regarding Document Management

paper-vs-digital

Paper shredding is important practice for businesses in Ireland. A confidential shredding specialist will remove unwanted document and destroy them in a secure manner while also help remove clutter from the office.

Offices should avoid having files, documents and detailed paper information scattered on top of filing cabinets and desks. In every organisation regardless in size, it has a responsibility to manage the information it handles in a secure and organized way. It should be a priority or each and every organisation to minimise the risk of a data breach;

Security in Shredding have outlined below the top five best practises for Document Management whom they encourage every business to follow;

  1. Indexing & Filing:

    An organised document management system has an effective and current index system based on the file contents and compliance requirements. The organisation should manages file creation in an efficient manner whereby no duplication or irrelevant copies are filed and records retention periods are clearly labelled on the files or storage boxes. Security in Shredding would recommend implementing an electronic file tracking system to manage where documents are in their life cycle, and show whether documents are active, archived, or ready for disposal.

  2. Secure Storage:

    Sensitive data stored on hard paper data and e-data should be securely stored and protected either in locked cabinets or a locked room. Many organisations produce a substantial volume of paper as a result from employees conducting their duties, making notes, printing of emails, discussion notes, to do lists – the list goes on. It is just as vital that this paper production is securely stored in lockable consoles when the employee has not longer got a requirement for it. Security in Shredding encourage organisations to implement a Shred-all policy whereby all paper produced in the offices that is no longer required is placed in the secure consoles for destruction at a scheduled date.

  1. Limited Access:

    It is vitally important that limited access is maintained with hand-picked specific employees having the secure access to the file sharing system the organisation has in place. Security in Shredding recommend using a system that uses authentication and password protection to control access and track and manage who can view them.

  2. Retention and Destruction Schedule:

    All documents and files should be clearly labelled by what they contain, retention period, and end of life date. When documents reach their end of life they must be securely destroyed. Security in Shredding recommend outsourcing the destruction of all or any sensitive data to a certified professional whom are registered data processors. Also the Data Destruction Service Provider should provide a chain of custody from the time the material is placed in the secure lockable consoles to the secure removal of documents for shredding. The service provider should be able to provide certification for their ability to shred the sensitive confidential data to Shred No. 6 of the EN 15713 European Shredding Standard. A Data Processing Certificate should be issued post every service delivery.

  1. Staff Training:

    It is imperative that all employees are trained and fully understand the importance of Data Protection. Security in Shredding recommend every organisation to employee a Data Compliance Officer to enforce information security policy and ensure all aspects of Data Protection Legislation are adhered to.

If anyone has any queries regarding any of the important points illustrated, please do not hesitate to contact us to speak to our Data Consultants.

Our confidential document shredding services are available throughout Ireland. We regularly operate in the Limerick, Galway, Dublin and Cork areas.

Please visit our site for more information: https://www.securityinshredding.com/

10 Threats Against Data Security For Small Business

privacy-data-security

Bigger companies incorporate off site data destruction practices, small businesses often don’t have the financial resources to house large scale IT departments, purchase the latest and greatest technology or invest into data security.

Many a cash-strapped small business finds itself operating its critical systems on computers that are old, slow and often times insecure. This leaves them susceptible to a wide array of security pitfalls and privacy threats, including data leaks and identity theft.

Fortunately, beefing up your security doesn’t necessarily mean draining your bank account. There are many inexpensive options to improve the security of your small business and protect your information.

Geoffrey Arone, serial entrepreneur and co-founder of SafetyWeb, gave his take on 10 very real threats facing small businesses and how they can be addressed in ways that are free or inexpensive.

1. Data Breach Resulting From Poor Networking Choices
Enterprise-level networking choices that are found in large IT departments around the world carry costs that price small or medium businesses out of the market. SMBs that have networks often use networking devices targeted at home users. Some may forgo the use of routers at all, plugging directly into the internet.

Business owners can block most threats by using a quality router, like a NETGEAR or Buffalo brand router, and making sure to change the router password from the default to something more secure.

2. Data Breach Resulting From Improper Shredding Practices
Trivial as it may seem, dumpster diving identity thieves target businesses that throw out paperwork without shredding it. Your small office shredders will NOT suffice for a secure document destruction, but a industrial paper shredding company is a wise investment if private or sensitive information is printed and shredded daily.

3. Identity Theft Resulting From Public Databases
Individuals, especially business owners, often publish lots of information about themselves in public databases. Businesses are registered with governments, telephone numbers are in the phone book, and many individuals have social media profiles with their address and date of birth. Many identity thieves can use information obtained across various public forums to construct a complete identity.

4. Identity Theft Resulting From Using A Personal Name Instead Of Filing An OA
Sole-proprietors that have not registered a business name to receive “operating as” designation are at a far higher risk of identity theft due to their personal name, rather than their business name, being published publicly.

5. Tax Records Theft Around Tax Time
Businesses should ensure that tax returns are dropped off at the post office and refunds are collected promptly from the mailbox. Identity thieves often steal tax returns from an outbox or mailbox.

6. Bank Fraud Due To Gap In Protection Or Monitoring
Business owners know that it is vital to balance their accounts every month to ensure that checks are not being written out of business funds by embezzlers, but many businesses rarely, if ever, check what kind of credit accounts have been opened under the business name. Monitoring services like myID.com can alert business owners when new credit accounts are opened fraudulently.

7. Poor E-mailing Standards
Many businesses treat e-mails as confidential communications, but this is far from the case. They are available to a number of people other than the recipient. It’s more appropriate to treat e-mails as postcards, rather than sealed letters.

8. Failing To Choose A Secure Password
In fact, many security experts are recommending the use of a pass phrase, rather than a pass word. Pass phrases are several words long, at least three, and are far more secure than passwords. A pass phrase like “Friday blue jeans” can be typed far quicker than a complicated password, and it doesn’t need to be written down on a post-it. The length of a password increases security.

9. Not Securing New Computers Or Hard Drives
Businesses that had their IT system professionally installed may opt to upgrade a computer or two by themselves. This is strongly discouraged on a business network, as new computers must be professionally secured or else they pose a serious threat and an entry point for hackers.

10. Social Engineering
Social engineers are individuals that call and claim they are from another organization. They may even claim to be with a firm that a business owner does business with. If someone you do not know calls on the phone, be sure that it is the person you think it is before revealing passwords or confidential information.

For more information on a paper shredding or confidential document shredding service in the Cork, Limerick, Galway and Dublin area, please visit: https://www.securityinshredding.com/

Like, Subscribe and Follow us on Twitter: @Securityinshred

Clear-out Shredding & File Purging

clear out paper shredding

We all know the saying “A clear space a clear mind” and clutter builds quite easily without you realising. A document clear-out of old documents is available. At Security In Shredding we offer an excellent clear-out shredding service both on site and off site shredding is available.

De cluttering your office space will give many positive benefits for yourself and work colleagues. For a number of reasons listed below:

  1.  Gives back your space

Paper documents take up space. While you might only leave few documents lying around, over time these build up into large piles. This takes away space in the office that could be used for a better purpose. If the documents are in a pile this could mean that a) the documents served their purpose and no longer in use and b) its and not an organised pile. If this is the case then it is time to hire a secure shredding service.

  1. Eliminates dust and mites

Any item left idle for an extended period of time will gather dust. Dust presents its own problems. For some people dust can cause asthma flare ups. There can be other factors that cause asthma flare ups but with a clear space will make it easier to clean the area and prevent dust from gathering.

With dust comes dust mites. These bugs are microscopic to the eye and are everywhere. Not necessarily representative of a dirty office but can cause irritation to people with asthma.

  1. Large quantity removal in one easy process

We receive a massive amount of documents over time. Be it brochures, newsletters, advertisements and or your own documents on top of that. Most likely these will get recycled but the documents that are left around that had a purpose and were kept as reference. After a while we can forget what was left where and newer documents get put on top of the old.

There is a potential here of sensitive data getting mixed in with these documents. Chances are it won’t happen but in case there are confidential documents then hiring a on site secure shredding service will remove all your documents in a large quantity.

At Security In Shredding we regularly preform clear-out shredding of documents and confidential documents. With all this new space available there will be “so much room for activities.

Please visit our site and contact our team for a consultation about clear out shredding. Please like and subscribe to our social media. Join the conversation and

Follow us on Twitter here: @SecurityInShred

Earth Day – Friday 22nd April 2016

Shredding Event & recycling

A paper shredding event in Limerick today. Recycling office paper is one of the simplest ways a workplace can do its bit to contribute to helping protect the environment and celebrate Earth Day 2016.

Security in Shredding is assisting Limerick City and County Council by participating in a waste prevention and recycling event at Mungret Recycling Centre from 1pm to 3pm. Not only are the members of Security in Shredding team going to be there to destroy your confidential documents but they will be there to assist both householders and SME’s with any questions they may have regarding the importance of data protection.

The question we need to ask ourselves is does your recycling process protect your confidential information?

“Earth Day was started in 1970 as a way to focus attention on the environmental problems on our planet. This year the Council is holding an event focusing on the 5 R’s, namely Rethink, Reuse, Restore, Repair and Recycle.”

In 1970, the movement gave voice to an emerging consciousness, channelling human energy toward environmental issues. Forty-six years later, we continue to lead with groundbreaking ideas and events throughout the country.

As security breaches are at an all-time high, it is extremely important that every workplace makes data security a priority in the day to day running of their business and incorporate green office strategies and resourcefulness in the actions and celebration of Earth Day every year.

This great public event provides SME’s and householders with a great opportunity to have their confidential paper material shredded on-site to promote Earth Day and the importance of Data Protection. “Shredded paper recycling, for example, saves trees. In fact, every two consoles of shredded and recycled paper saves one tree.”

So call down to Mungret Recycling Centre on the 22nd of April 2016 and avail of the fantastic facilities that are available to celebrate Earth Day 2016.

Security in Shredding look forward to meeting you there and answering any questions you may have. Join in on the conversation at @securityinshred

Firms Not Insured For Data Security Breaches

Security in Shredding Data protection & destruction

This topic is becoming more and more common. Shredding confidential paper is widely accepted practice for Data Protection. At Security In Shredding we understand the benefits of document shredding.

We also believe in have a proper digital data destruction system in place for your business. The Data Protection Act requires you to ensure your data is maintained and is not vulnerable to Data Breach.

A recent report from Risk:Value NTT Com Security, questioned 1000 non IT-Business across the UK, USA, Germany, Switzerland, Norway and France asking if they had insurance to cover data security breaches. 1 in 10 had data protection insurance.

With the increase in Cyber attacks globally and small businesses are targeted. It not just activists attacking multi national corporations. Any business if vulnerable may be attacked. It pays to have the adequate insurance in place. Now more than ever does this kind of insurance become applicable. With mobile devices, tablets and hard drives widely available, people are not as aware of the pitfalls of these devices regarding Data Security.

An Insurance policy will help against Data Leaks and Breaches. Data Protection methods must be in place as there may be certain criteria in place to be covered by the policy.

Risk Management Policy

Having an insurance policy in place is fine nothing wrong with it but Data Security comes down to your business having security measures in place that prevent data breaches. How your business handles sensitive data and who has access to it must be business practice.

The disposal of data must also be considered, a confidential document destruction service can be incorporated. These services can be availed on site or off site with collection available. Depending on your business location will effect what type of service is used but confidentiality is paramount when operating.

Digital devices should be password protected and encrypted where available. Sending emails and texts can now be encrypted end to end which will improve your Data Security in public areas. Whatsapp a free SMS messaging application that offers encryption which is a simple but easy protected communication service.

When devices are no longer in use it is recommended that these devices are destroyed if they are no longer in use.

Document Shredding Services Ireland

At Security In Shredding we offer secure shredding service for your Data Protection needs. Please Like, Subscribe and Comment to our blog.