Tag Archives: Data Security

5 Data Security Tips To Protect A Company’s Sensitive Data

Posted on by
Reply

Secure Paper Shredding Hard Drive Shredding WEEE Destruction

For many small business owners, are aware of the potential data breaches that can occur. Secure document shredding is one method of data security but most people will think “It wont happen to me” and when it does happen it can cost the business upwards of €100,000 fine if data security was inadequate. For a small business, one data breach can destroy their reputation and customer confidence.

Below are 5 tips to implement data protection solutions that all small businesses can do today to protect their customers, their reputation and their people against data breaches:

  1. Implement a Clear-out Shredding Policy

Clear-out Shredding policies ensure all paper documents are shredded before being recycled or disposed. The Clear-out Shredding Policy removes any uncertainty around whether documents are confidential and require shedding. This simple step is one of the easiest ways to avoid human error including mishandling of confidential documents and files. In addition, all shredded paper is recycled, adding an environmental benefit to a security solution for businesses. Overall, it leaves little to be decided around the type of information that should not be deposited in recycling bins and waste paper baskets.

  1. Encrypt all electronic devices

Mobile devices are everywhere. There are more mobile devices than people in circulation. A workplace mobile will be used so employees can access the information they need remotely, which means company information may be exposed to greater security vulnerabilities. Encrypting all electronic devices is an important first step in securing information.

All electronic devices used by employees should be encrypted to protect sensitive data regardless for their own benefit and not just the company or organisation. In the event that electronic devices are lost or stolen, encryption will protect the information stored on the device and mitigate any compromising activity.

End to end encryption” is a term you should look out for especially when transferring data. Software applications can do the same function a number of different ways. Knowing how they operate is recommended.

  1. Maintain Clean-desk policy

A clean-desk policy encourages employees to clear their desk and secure documents in a filing cabinet or storage unit when they are away from their desk or office at the end of the day. This includes documents, files, notes, invoices, and removable digital media like memory sticks. Unattended and untidy work stations pose a greater risk as loose information is an easy target for theft. A clean-desk policy ensures that all confidential data is locked in a secure area.

  1. Protect Printers & Peripheral Devices

Implement a ‘best practices’ standard for printing confidential information. Encourage employees and staff to not leave documents unattended at a shared printing station. To strengthen security around printing stations, consider using passwords for printing jobs. A printer is connected to a network and can be an entry point for hackers to access a network. Any other peripheral device that’s connected to a network may need an added layer of security just in case.

  1. Designate a Security Manager

If your business or organisation does not have one, now is the time to assign someone to do it. While it is important to have senior management and leadership play a vital role in mitigating data breaches, engaging employees from all levels and cross-departments helps strengthen an organization’s focus and commitment on information security.

At Security In Shredding maintaining data security is a vital importance to us. We must comply with data protection laws. For more information on paper shredding and data destruction services, please get in touch with one of our staff for more information.

Summer Holidays? Tips to Maintain Data Security When You Work

Posted on by
Reply

data security when on holiday

Who doesn’t enjoy a holiday or time off. Scheduling a paper shredding service before the holiday or time off is recommended. This will help give a piece of mind that you are protecting your data and let you enjoy your holiday.

In today’s world employees pack their work tablets and have their smartphones with them when going on vacation/ holiday.

There are a number of employees who don’t like to fall behind in their work and like to stay connected wherever they travel to. This is possible due to the ever improving technology of wireless internet, smartphones, laptops, and tablets. These technologies have made it increasingly easier to work from home and from the side of the pool!!

But organisations may forget the importance of data security regarding these mobile devices. Many organisations have policies in place where by employees BYOD (bring your own device) and this permits the employee to use one single device for both work and personal purposes.

The upside is while employees remain productive outside of the office 24/7, the downside is that they can access corporate data from anywhere. The negative impact this will have is it increases the risk of data breach incidents and has created a whole new area of information security policies.

Security in Shredding have a few tips to ensure the confidential business information employee’s work on outside of the office remains secure;

  • Implement a Bring Your Own Device Policy and by doing so you are creating a culture in your organisation.
  • Implement a schedule regarding the organisations protection software whereby on set dates throughout the year the software is updated.
  • “Provide employee training and regular refresher training regarding information security best practises outside the office.”
  • Prior to leaving the office for a vacation, ensure to only take documents that are extremely necessary regardless of a hard copy of digital copy.
  • Only under extreme circumstances should you print confidential documents from electronic means outside the office.
  • If one must print off a hard copy, ensure that all documents are securely destroyed. At mentioned earlier scheduling a paper shredding or bag collection may be needed.

You can speak with a member of Security in Shredding’s Data Management Consultants for further information. Our mobile paper shredding service is available for scheduling.

 

8 Benefits For Responsible Document Shredding

Posted on by
Reply

confidential shredding, clean desk policy

At Security In Shredding our mobile paper shredding units are available and comply with data protection laws. Outsourcing an industrial shredding service will ensure your data security is maintained and securely destroyed.

Businesses, organisations and Institutions and people alike have fallen victim to identity theft and scams because of loss of information that a person used off of a stolen document. A person or employee must follow a correct procedure in the way they destroy paperwork with any kind of information on it (sensitive or not) in order to protect their customers. The list below are eight benefits that happen when a company performs document shredding.

8 Benefits of Responsible Document Shredding

  1. Document shredding gives company owners and customers a peace knowing that their information has been destroyed the right way.
  1. Shredding responsibly gives people the option of having the process taken care of by a third party. In some cases there is no need to buy expensive paper shredders if there is a company that can come to your job site and take care of the process for you. Most office shredders do not provide a secure data destruction.
  1. Shredding and then recycling paperwork keeps the landfills from filling up sooner than it should. Paper is one of the most used materials in circulation. Just about every house and company throws out paper on a daily basis. By shredding paper landfills will be around for trash that cannot be recycled for a longer period of time.
  1. In some cases shredding of personal information keeps a company compliant with Data Protection Laws in Ireland. The Data Protection Commissioner provides useful information about how to destroy or handle personal information.
  1. It gives customers and business owners an unspoken bond of trust knowing that they are looking at for the well fare of each other.
  1. From an environmental standpoint document shredding protects trees from being used for new paper products.
  1. Document shredding also provides a safe and clean way of waste disposal. A clean desk policy can help reduce having a bunch of loose papers sitting around the office taking up space.
  1. The process gives you the joy of knowing that you are doing your part to protect the environment and the personal lives of your customers. Companies that go out of the way to protect their customers will find loyalty and more sales because they are a trusted established business.

Security and Compliance are important words for us at Security In Shredding. Document shredding services are available both on site and off site. For more information please visit our site.

What To Keep & What To Shred: Document Retention Policy

Posted on by
Reply

Data Retention & data destruction

At Security In Shredding, document shredding is done with confidentiality and security is paramount when carrying out data destruction service. Data breaches occur when people are negligent or not aware of a breach. The most recent high profile story being the “Panama Papers” leak.

The Panama Papers is the latest mega data breach where millions of confidential documents from a Panamanian law firm were leaked, exposing offshore bank accounts – and possibly tax havens – for wealthy clients.

In light of this recent breach “I think we need to change the fundamental design of the way each and every document is created and managed,” –  commented Bill Anderson of cyber security company OptioLabs, in a cnet.com story about the Panama Papers.

While there are many aspects to data security, a sound document retention policy is one of the most important. Knowing what confidential documents to keep and which ones to permanently destroy should be of concern to everyone. Maintaining a clean desk policy will also help minimise the risk of confidential documents getting lost with other data.

This high profile case may sound like it won’t happen to you but the chances are that the data breach occurred by improper use or destruction of a data. All it takes is one wrong move for all your data to be accessed.

Below are some document retention policy guidelines to help keep your information secure.

  • Information Audits: Use audits to identify the types of documents the business produces, and to create an inventory and keep it updated.
  • How Long To Keep Tax Records? There are two parts to data retention: how long documents will be useful to the business, and how long they must be retained based on government and industry requirements. Checking with Revenue.ie on how long to retain your tax returns.
  • Fines – either way: While it’s law to keep certain documents, if you retain a record for too long you might also expose yourself to litigation risks and fines. Like most privacy laws, Data Protection Act compliance stipulates the record must be securely disposed of when the official retention period is over.
  • Emails: Records are paper files, digital documents, and correspondence including emails. According to wired.com, the Panama Papers leak included more than 4.8 million emails (as well as 3 million database files and 2.1 million PDF’s). If emails aren’t part of an important business or legal use or not subject to regulatory compliance, delete them within the appropriate time frame.
  • Controlled Access: Index all documents for easy retrieval. Store in a secure, locked location and/or in a password protected file. Control who can access sensitive documents and logging when this information has being accessed. Storing unwanted documents increases the risk of a Data Breach and adds to clutter.
  • Secure disposal: The only acceptable way to discard paper or digital documents when they are no longer needed is to completely destroy them. Industrial Shredding companies can dispose large quantity of documents, and outsourcing eliminates risk. Partner with a reputable shredding company that has secure chain of custody processes for information destruction. A Certificate of Destruction will document compliance and should be issued after every shred.

At Security In Shredding data security is equally important as confidential data destruction. An on site service or off site service is available throughout Ireland. Please visit our site for more information.

Data Breach Incidents in Educational Institutions

Posted on by
Reply

paper-vs-digital

Shredding companies in Ireland are employed by educational institutions such as colleges and universities. These institutions are considered easy targets because of their open structure and long information retention periods.

Data Breaches have occurred in educational institutions ranging from lost laptops with sensitive information to targeted cyber-attacks and student identification cards. There are lots of other confidential data that is useful to attackers beyond payment data and student records; such as employee records, patient health information and scientific research data. Paper shredding or document shredding will reduce the risk of data breaches

Negative public exposure regarding a breach will have a negative impact on the reputation of the educational institution as well as the enormous knock on effect it would have regarding peoples data. In order to minimise the risk of any size of a data breach a Risk Reduction Strategy must be established.

Security in Shredding recommend a number of methods to include in a Risk Reduction Strategy;

  1. Data Security” has to become “second nature” within the colleges and universities from the top down. A Data Security Informational Event should be organised by the educational institutions to inform in a fun way, the students and employees the importance of data protection and data security. You could look upon this as a form of training – Knowledge is key.
  1. Make students and employees aware of the Data Security Policies and Procedures. Use means such as bulletin board, posters, newsletters etc.
  1. Regular risk assessments should be conduct on an on-going basis to identify where the gaps in information security exist and to establish and provide the solutions.
  1. Physical Security of all sensitive data is very important. Secure restricted authorised access for key personnel is an important measure to take to minimise the number of unauthorised access events.
  1. Maintain a “Clean Desk Policy” and place all sensitive paper records that is no-longer required in the lockable secure console that is provided by the contracted Data Destruction Service Provider such as Security in Shredding.
  1. Implement and utilise IT security tools such as firewalls, encryption, anti-virus software etc. It is important to protect both digital data and hard paper data.
  1. Establish and use a Document Management Process for the tracking of documents, generation, storage and destruction of documents.
  1. Use the professional secure recognised services of a registered data processor whom is an established Full Data Management Service Provider, such as Security in Shredding whom provides a complete secure chain of custody for your data needs.

If you would like to find out more about on site paper shredding and or off site paper shredding, contact Security in Shredding’s Data Consultant Team on 067 24848. They are glad to help.

Minutes To Happen & Weeks To Realise; Data Breaches

Posted on by
Reply

Phising Most Common Data Breach

At Security In Shredding we ensure that all data processed by us is confidentially and securely destroyed. Data destruction is vital part of business practice. Data security is paramount to us and the success of a business. Preventative methods to improve your data security comes in many forms. IT security is an area that can overlooked due to newer technologies and people not aware of IT pitfalls.

A report from Siliconrepiblic writes about a common data breach method and is important that people are aware of such an attack. Knowing these potential risks is important is today’s high tech world. The article writes:

“Phising” What Is It ?

A Google search will give you the following definition:

“Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.”

Phishing is still the No 1 cause of data breaches and hackers are getting faster at breaking in, but firms are struggling and usually only find out weeks and even months later they have been breached, according to the 2016 Verizon Data Breach Investigations Report.

According to the report, in 93% of cases it took attackers minutes or less to compromise systems.Meanwhile, it took companies weeks or more to discover that an incident had even occurred.Worse, it was typically customers or law enforcement that sounded the alarm and not the organisation’s security measures.

‘A test we ran last year found that 23% of people that opened a message went on to open the attachment. In our latest report that has increased to 30%’
– LAURANCE DINE, VERIZON

According to the report, most reasons for breaches are money-related and cyber-attackers are indiscriminate and motivated by greed rather than revenge or some crusade.

Gone Phishing, Gone Data

Laurance Dine, managing principal in charge of investigative response with Verizon, told Siliconrepublic.com that phishing is still the chief method hackers use to attack organisations.

The report found that, in 2016, some 63% of confirmed data breaches involved leveraging weak, default or stolen passwords. Passwords such as “123456” and or “password” are used more often than you think 39% of breaches originate from victims’ own work areas and 34% from employees’ work vehicles.

Some 70% of data breaches involving insider misuse took months or years to discover.The report also revealed that new technologies like mobile and the internet of things are providing hackers with more ways of breaching an organisation’s systems.The industries most affected by data breaches are the public sector, healthcare and information.

Dine told Siliconrepublic.com that the data information was gathered from more than 67 partners worldwide and involved the analysis of 2,260 confirmed data breaches.

“There is still a serious information deficit when it comes to attacks. Attackers are getting into environments in minutes or days and it could be months and years down the line before anyone is aware of it and they usually hear it from law enforcement.

“Phishing is still the principal method of attack. A test we ran last year found that 23% of people that opened a message went on to open the attachment. In our latest report that has increased to 30%.”

“But if you are after the low-hanging fruit, the No 1 motivation for data breaches is still financial. Any data worth any value is a target.”

Read Siliconrepublic full article here: https://www.siliconrepublic.com/enterprise/2016/04/25/verizon-data-breach-report-2016

At Security In Shredding we strive to ensure that all documents and its data is processed securely destroyed on site or off site. Confidential shredding services are available throughout Ireland and we regularly operate in the Dublin, Galway, Limerick, Cork areas. Please visit: https://www.securityinshredding.com/

 

10 Threats Against Data Security For Small Business

Posted on by
Reply

privacy-data-security

Bigger companies incorporate off site data destruction practices, small businesses often don’t have the financial resources to house large scale IT departments, purchase the latest and greatest technology or invest into data security.

Many a cash-strapped small business finds itself operating its critical systems on computers that are old, slow and often times insecure. This leaves them susceptible to a wide array of security pitfalls and privacy threats, including data leaks and identity theft.

Fortunately, beefing up your security doesn’t necessarily mean draining your bank account. There are many inexpensive options to improve the security of your small business and protect your information.

Geoffrey Arone, serial entrepreneur and co-founder of SafetyWeb, gave his take on 10 very real threats facing small businesses and how they can be addressed in ways that are free or inexpensive.

1. Data Breach Resulting From Poor Networking Choices
Enterprise-level networking choices that are found in large IT departments around the world carry costs that price small or medium businesses out of the market. SMBs that have networks often use networking devices targeted at home users. Some may forgo the use of routers at all, plugging directly into the internet.

Business owners can block most threats by using a quality router, like a NETGEAR or Buffalo brand router, and making sure to change the router password from the default to something more secure.

2. Data Breach Resulting From Improper Shredding Practices
Trivial as it may seem, dumpster diving identity thieves target businesses that throw out paperwork without shredding it. Your small office shredders will NOT suffice for a secure document destruction, but a industrial paper shredding company is a wise investment if private or sensitive information is printed and shredded daily.

3. Identity Theft Resulting From Public Databases
Individuals, especially business owners, often publish lots of information about themselves in public databases. Businesses are registered with governments, telephone numbers are in the phone book, and many individuals have social media profiles with their address and date of birth. Many identity thieves can use information obtained across various public forums to construct a complete identity.

4. Identity Theft Resulting From Using A Personal Name Instead Of Filing An OA
Sole-proprietors that have not registered a business name to receive “operating as” designation are at a far higher risk of identity theft due to their personal name, rather than their business name, being published publicly.

5. Tax Records Theft Around Tax Time
Businesses should ensure that tax returns are dropped off at the post office and refunds are collected promptly from the mailbox. Identity thieves often steal tax returns from an outbox or mailbox.

6. Bank Fraud Due To Gap In Protection Or Monitoring
Business owners know that it is vital to balance their accounts every month to ensure that checks are not being written out of business funds by embezzlers, but many businesses rarely, if ever, check what kind of credit accounts have been opened under the business name. Monitoring services like myID.com can alert business owners when new credit accounts are opened fraudulently.

7. Poor E-mailing Standards
Many businesses treat e-mails as confidential communications, but this is far from the case. They are available to a number of people other than the recipient. It’s more appropriate to treat e-mails as postcards, rather than sealed letters.

8. Failing To Choose A Secure Password
In fact, many security experts are recommending the use of a pass phrase, rather than a pass word. Pass phrases are several words long, at least three, and are far more secure than passwords. A pass phrase like “Friday blue jeans” can be typed far quicker than a complicated password, and it doesn’t need to be written down on a post-it. The length of a password increases security.

9. Not Securing New Computers Or Hard Drives
Businesses that had their IT system professionally installed may opt to upgrade a computer or two by themselves. This is strongly discouraged on a business network, as new computers must be professionally secured or else they pose a serious threat and an entry point for hackers.

10. Social Engineering
Social engineers are individuals that call and claim they are from another organization. They may even claim to be with a firm that a business owner does business with. If someone you do not know calls on the phone, be sure that it is the person you think it is before revealing passwords or confidential information.

For more information on a paper shredding or confidential document shredding service in the Cork, Limerick, Galway and Dublin area, please visit: https://www.securityinshredding.com/

Like, Subscribe and Follow us on Twitter: @Securityinshred

Addressing Incorrect Data Destruction Habits

Posted on by
Reply

Data Protection, Paper Shredding, limeirck paper shredding

Shredding confidential paper in a business must be done and there are legislations in place to protect against data breaches. Failure to enforce these laws or inadequate data protection in place by a business will result in a hefty fine of up €100,000.

Human error is is arguably the biggest cause of data breaches are caused by employees and contractors. Human error is not solely to blame. Even high profile hacking cases involve employees inappropriately clicking on links and allowing the bad guys in. It is quite easy with a little bit of know how you can be easily tricked and baited into clicking a malicious link that will cause a data breach.

When it comes to proper data destruction, or avoiding data breaches due to improper destruction of data and confidential information. It comes down to employees knowing the dangers and pitfalls of potential data breaches within the office. Despite any amount of training, however, there is one lesson too many data controllers have learned the hard way. In order to maximize compliance, proper disposal of information has to be easy for the employee.

Some organisations might require employees to use a shredder in the copy room which is not easy. So much so that it is not even reasonable to think they will consistently do it. Whether because of carelessness, workload issues, pressures outside work, or laziness, compliance failure is inevitable. Nor is it reasonable to give employees the discretion on what is destroyed or options on where information-bearing media should go. Whenever a recycling bin is next to a shred bin, it is easy to find confidential information in the recycling bin. Making this process as easy as possible for our customers is recommended. We clearly have each console labelled so our customers know exactly what we can and can’t take in our locked consoles. We provide staff awareness days to help businesses improve their data security.

Data Protection, Secure Paper Shredding

The same goes for IT asset disposal. Since employees are less likely to toss out computers, it can be less of an issue. However, leaving the decision to the IT department instead of dictating the procedure through security and compliance can cause a problem. With electronic storage devices there is no true way to destroy the data using software. A physical destruction of the device must be done to ensure data destruction.

Educate and Awareness for you and your employees benefits with proper data destruction. Contacting a Secure Confidential document destruction service to incorporate into the business practice will improve your data security and destruction.

For more information on a secure document destruction service in Ireland, then please visit: https://www.securityinshredding.com/ or

please like, share and follow us on Twitter: @Securityinshred

Adopting A Secure Document Shredding Strategy For Business

Posted on by
Reply

 confidential shredding, clean desk policy

A secure document shredding policy is integral to any business and protecting customer data is legislative. The Data Protection Commissioner implements the provisions of EU Directive 95/46. Not only are these regulations that require businesses to shred documents securely, but it is also part of running a business and maintaining a positive business reputation.

Why Businesses Need To Securely Destroy Documents?

Every day, companies create paper documents and these documents require shredding. Practically any document that contains data and especially sensitive data needs to be shredded. In particular data containing the following would be regarded as sensitive data:

  • Person’s Name
  • Address
  • contact information
  • Account Details
  • Credit Card Details
  • Budget Reports
  • Medical Reports
  • Payroll information
  • Legal contracts
  • Receipt Information

This is a snippet of what data to shred any and all documents should be securely destroyed by a secure document shredding service.

How This Data Can Be Used Against You?

Not only is forgery and fraud a major issue but also there is of course the potential for bad publicity, loss of customers and lawsuits to name but a few of the dangers. Identity theft is a common issue with data breaches. Criminals will use this data to either make purchases or obtain more data under the pretence of your name.
It is important that all businesses shred or destroy certain sensitive documents. Law enforcement, legal industries, government agencies, banks, health care providers, insurance providers, financial brokers, and real estate are just a few industries where managing paperwork is crucial.

How To Manage Business Documents Safely & Effectively?

A detailed security policy for every type of document your business handles is essential and employees need to know these policies before starting work.

For example:

What are the shredding requirements for the various document types that your company frequently uses? What are employees allowed to photocopy? Incorporating a reputable Confidential Shredding Company that has a good track record. While also training employees about the correct method of destroying sensitive documents and ensuring correct secure policies about how long to hold and when to destroy documents.  Access to company records should be controlled and restricted to a small number of trusted individuals and there should be rules relating to access of these records. A notification or logging system can also be in place to account for what and where data is being used.

At Security In Shredding we operate throughout Ireland and frequently do business in areas of Dublin, Galway, Limerick, Cork and Waterford areas.

For a more information on Shredding confidential paper Services & data destruction service, please visit: www.securityinshredding.com

Like, Subscribe to our Twitter: @Securityinshred

5 Reasons to Hire a Data Destruction Service Provider

Posted on by
Reply

Media Destruction Data Protection

Confidential shredding is available in the Limerick area provided by Security In Shredding. Incorporation a data destruction service into your business practice is beneficial for your data security and data protection. While also being a good recycling practice.

Top 5 reasons why you should hire a Data Destruction company such as Security in Shredding:

  1. Data Security

In order to protect confidential information and reduce the risk of a data breach, Security in Shredding advise to outsource data destruction requirements to a professional, certified service provider. All data containing personal information must be securely destroyed when it reaches its end of life.

“An office shredder simply can’t provide the same security as a professional company. A reliable document destruction company provides a secure chain of custody, from the time the documents are collected, through to shredding using cross-cut shredders, and ends with” a Data Processing Certificate after each service delivery.

  1. Compliance

It is not just simply destroying documents that are no longer needed, but it is both best practise and it is in Data Protection Legislation.

data destruction and collection service

  1. Saves Money

By outsourcing your data destruction requirements you are cutting out the cost of purchasing an in house shredding machine, maintenance costs resulting in saving money. You are also reducing the amount of employee down time spent on the shredding of data resulting in the employee being 100% focused on their own job.

  1. Convenience

A renowned shredding company will provide the client with lockable receptacles and locate them in suitable and convenient locations around the building. These locations will be previously identified with the client to ensure the employees have ease of access to place paper data awaiting destruction.

At a prearranged date and time Security in Shredding will arrive on site and remove and replace the receptacles of paper for destruction with little or no disruption, for shredding.

  1. Additional Services

There are a number of other mediums of confidential data that needs to be destroyed. Out of date PC’s, e-data carriers and storage devices also require destruction when the data on them reaches end of life. Research has shown for example that wiping a hard drive is not a guaranteed method of destroying the e-data contained within but physical destruction is the most reliable method of destruction of data. You have total peace of mind that the data is 100% beyond reconstruction.

For more information on a data destruction and media destruction service, please visit: https://www.securityinshredding.com/limerick-shredding-services.php for more information. We are also available throughout the country along with Limerick our paper shredding is available in the Dublin, Galway and Cork areas.

Follow us on Twitter @Securityinshred and please like, subscribe and share.