Tag Archives: Data Security

The Disadvantages of Office Shredders

Posted on by
Reply

Paper Shredding

Data Breaches and Data Security go hand in hand and a incorporating a confidential shredding service will benefit you and your business significantly.

As a result of people becoming increasingly aware and vigilant of their confidential data and conscious of what readable files are disposed off in their bins, small office shredders are consequently on the rise. Many offices have an office shredder tucked in the corner or next to the printer; but in reality these small devices are putting your employees at risk, draining your time, compromising your security and also shredding your money so to speak.

Whereas if you outsource the destruction of your documents to a certified data destruction professional you are eliminating the length of time an employee has to spend feeding the small office shredder, eliminating a data breach, managing your end of life documents efficiently and appropriately reducing the amount of down time an employee spends in the working day.

Is an office shredder safe?

An office shredder is no shortage of blades, cutting knives and teeth moving at a few thousand RPM and it is usually placed in an easy to access area for people to use it. An office shredder cannot tell the difference between a paper and other items, such as:

  • Stray clothing e.g. ties, blouses/ shirts
  • Jewellery
  • Long sleeves
  • Fingers
  • Hair

People don’t realise that if a piece of paper gets stuck in a shredder; most people go to the power point to turn it off. What if it is battery powered? Would you know the shredder was completely powered off?

It’s easy to see how with no training, such a simple device can be a danger to a first-time user.

Time Consuming

The typical office shredder will boast a shredding power of between 3-5 sheets at a time, sounds acceptable but if one is shredding a 30, 50 or 100 page document will soon become a wearisome and time consuming task. Office shredder Manuals will have illustrated  that staples, paper clips or other tough bindings must be removed prior to shredding. Taking these out one by one and checking through pages and pages of paper for stray staples or clips is more time consuming than one might think.

Confidentiality

Why shred the documents you might ask?; The primary reason for shredding your documents should be to maintain confidentiality and security and ensure zero data breaches occur. Many standard budget shredders will cut paper into roughly 40-50 strips, which may seem like a lot, but it wouldn’t take a smart and determined criminal too long to re-assemble 50 strips of an A4 piece of paper and restore it to a legible condition.

Therefore by employing a registered Data Processor whom is a certified shredding service professional to complete all your data destruction requirements; will not only free up employee time but eliminate risk of a data breach and maintain the high level confidentiality that you require.

Cost

It’s difficult to put a cost figure on the security of your information, which is why a professional, efficient and secure shredding service is always advised. The actual cost of an office shredder may initially appear as a cheap investment in comparison to the cost of the services of a certified, registered shredding service provider but from employing a Data destruction service provider you will have little or no employee down-time, guaranteed destruction of documents and 100% total piece of mind.

The shredding service provider removes the shredded paper material from the clients location and transports the shredded material to the licensed waste recycling facility and off-loads the material as part of the cost.

If you’re thinking of making the change from an office shredder to a registered, certified, professional data destruction service provider, you can contact us for our professional advice and affordable prices.

For information on a confidential shredding service please visit:

https://www.securityinshredding.com/

10 Steps To Prevent Data Breach regarding Cyber Security

Posted on by
Reply

Security In Shredding logo

Paper Shredding Services are an important part of business practice. A reputable onsite shredding service can be incorporated for business Data Protection.

Cyber Security comes in many forms and one method which is targeted regularly are credit cards. Criminals will try anything into tricking people to obtain credit card numbers. There are a number of preventative methods you can use to protect your details. Below is a list of steps to look out for to improve your data security:

  1. Don’t be tricked into giving away confidential information;  make sure you do not respond to emails or phone calls requesting confidential information. Report any suspicious activity to IT and/or your manager.
  2. Don’t use an unprotected computer; ensure to use a computer that has latest approved security software prior to viewing and company information (particularly if you are viewing the material from an internet café or shared computer)
  3. Don’t leave sensitive information on your desk; Keep them safe by locking them in a drawer or have them destroyed – shredded securely using a registered Data Processor.
  4. Lock your computer and mobile phone when not in use; Keeps your data and contacts safe from prying eyes.
  5. Stay Alert and report suspicious activity; In case something goes wrong and the sooner you report the issue the faster it can be dealt with.
  6. Password-protect sensitive files and devices; Protecting your devices with strong passwords means you make it incredibly difficult to break in and steal data.
  7. Always use hard-to-guess passwords; Make sure to use complex passwords not just 12345 or abcdef but “G$4s1KoOl” for example. (It is used more often than you think.)
  8. Be cautious of suspicious emails and links; don’t let curiosity get the best of you. If it sounds too good to be true it probably is.
  9. Don’t plug in personal devices without the OK from IT; Personal devices can be compromised with code waiting to launch as soon as you plug them into the computer.
  10. Don’t install unauthorised programs on your work computer; If you like an application and think it would be useful, contact IT to look into it for you before installing.

By following the Do’s and Don’ts mentioned above you will greatly reduce the risk of a cyber attack.

Security in shredding offers this type of security and more. please visit our website for more information: https://www.securityinshredding.com/ 

Cyber Security & Credit Cards, Data Security

Posted on by
Reply

credit-card-scams-data-breaches

Confidential paper shredding is not just about shredding paper. Data comes in many forms and credit cards is one form of data that needs to be protected.

A current example of a cyber security breach is a string of fraudulent activity on customer credit cards used at Trump Hotel Collection. The activity appeared on cards used in the past two to three months at a number of Trumps Hotels. The exact number of hotels this has occurred is unknown at this moment in time but it marks the second breach of the hotel chain in the last year.

Below I have listed some Do’s and Don’ts that we should all apply in our day to day activities;

Do’s :

  • Do keep your credit card safely and treat it as you would treat cash & Never leave it unattended.
  • Do keep your credit card in the same place within your wallet/purse so that you notice immediately if it is missing.
  • Always memorize your Personal Identification Number (PIN) and change it on regular basis.
  • Do Exercise caution while transacting on websites for any on-line purchase.
  • Do make regular payment of your credit card dues. This will help you in avoiding levy of finance charges, late payment charges, etc.
  • Do Change your login Passwords Periodically: We recommend that you change your passwords regularly, at least every 30 days or so. To change your Passwords, login to the ‘Online Credit Cards’ section, then click on the ‘Change Password’ option given on left side of the screen. Please change the password immediately if you think it is compromised.
  • Look for the padlock symbol on the bottom bar of the browser to ensure that the site is running in secure mode before you enter sensitive information.
  • Shred unnecessary financial documents immediately: Discard pin or password mailers immediately after memorizing them. Never write them down.

Dont’s:

  • Do not keep a copy of your PIN in your wallet/purse and never write your PIN number on your credit card.
  • Do not reveal your PIN to any one – not even to your family members.
  • Do not reveal your credit card details/ PIN number/ etc. to any email soliciting your personal information/ any telephonic survey.
  • Do not seek help from strangers at the ATM, even if offered voluntarily, while utilizing your credit card at ATMs.
  • Do not bend your credit card.
  • Never sign an incomplete charge slip.
  • Never open email attachments that have file extensions like .exe, .pif, or .vbs. Such files are usually dangerous.

For more information please visit on a secure shredding service: https://www.securityinshredding.com/

When To Disclose A Data Breach

Posted on by
Reply

iCloud security wake-up call, data brach

Secure document destruction methods must be in place to comply with Data Protection laws. A confidential document destruction service will benefit your business and its Data Protection.

Technology has brought us accessibility to a global market and small businesses have benefited greatly from this boom in technology. With a greater number of devices connected to an online service has also meant that a increase in the number of cyber attacks. Small businesses in particular are now being targeted.

A report from the Wall Street Journal has shown that small law firms are targeted the most due to the potential high profile client base they may have. That being said law firms do not usually hold social security information and the information obtained by hackers may not be beneficial to them.

Under American law, law firms are required to inform the public that a breach has occurred.

Data Protection Commissioner

Under Irish law the Data Protection commissioner has Data Breach guidelines for you and your business to follow. If a breach occurs it is paramount that the matter is dealt with swiftly to minimise damage. Data Protection Commissioner data breach guidelines can be found at the link below.

https://www.dataprotection.ie/docs/Data-Breach-Handling/901.htm

The document informs you on what steps to take if a breach has occurred. With this guide you can easily follow the steps needed to take and the information to provide when informing the Data Protection commissioner.

“Failure to comply with these obligations can result in a criminal prosecution with fines up to €5,000 indictment €250,000 per offence.” 

The document also state “Prevention is better than cure.” Setting up company policies and practices for handling of sensitive data should be implemented immediately. A reputable Shredding Service will also improve Data Security within your company. A shredding service will be able to provide an onsite shredding service. Confidential shredding is paramount to shredding services.

A reputable shredding service will comply with the protocols provided by the Data Protection Commissioner. It is a governing body to help protect your personal data and the data of others.

Please visit our site for more information on a Confidential Shredding Service:

https://www.securityinshredding.com/

Full Article Wall Street Journal Report:

https://blogs.wsj.com/law/2016/03/30/when-do-law-firms-have-to-disclose-data-breaches/ 

 

American college (TCC) affected by data breach

Posted on by
Reply

Security in Shredding Data protection & destruction

Onsite paper destruction and or offsite paper destruction are services provided with shredding companies in Ireland. “Shredding Paper Ireland” will provide you with a decent result when researching for an industrial paper shredding service.

In a recent story involving an American college in Virginia were subject to a data breach involving staff and their names and social security details. 15 of the college employees who had submitted their tax returns to the IRS (American version of Revenue Office) were later told that their tax had already being done using their social security number.

Approximately 3192 employees in the Virginia college system may have being effected by the breach. It appears the details of the leaked data containing the names and social security numbers may have being sent to a fake account from the college.

While this happened in America the method as to how it happened remains the same. A false account was created to look like an official college page. The page will have asked the user to enter in or provide specific data. These scams will prey on human error or uneducated person to transfer this data.

How to protect yourself from these attacks

If you feel your business has being subject to one of these attacks here are a number of things to look out for. If you use a regular paid service whatever the format, these services will have your name on record and will be able to display it on emails and documents.

  • “Dear Customer” can be an indication of something off. A reputable service will easily be able to display your name here instead of customer.
  • Asking you to click a link from the email itself rather than going through the official website of the service provider to pay for services.
  • Do not click on links you are uncertain of going through the service provider site itself is a good practice.
  • Asking for specific details is also a sign of malicious intent. Reputable sites do not ask for this information as information such as passwords are NOT known by the service provider as these are encrypted and only known by you.

What To Do If Breach Occurs

  • Alert the service provider that a breach has occurred
  • Alert relevant authorities such as banks, revenue office so they know to monitor irregular transactions.
  • Inform employees to change passwords to the relevant accounts
  • Inform customers that may have had their data accessed
  • Sooner the better you alert the authorities the quicker and less damaging the data breach will be

The full article involving the TTC can be read here:

https://www.13newsnow.com/news/local/mycity/virginia-beach/tcc-100-employees-affected-by-data-breach/110309810

For more information on data security please
 visit:

https://www.securityinshredding.com/shredding-benefits.php

The Future Of Data Security

Posted on by
Reply

Secure Paper Shredding Hard Drive Shredding WEEE Destruction

Document shredding service are a vital part of Data Protection. Shredding services in Ireland when a clear out shredding is needed. Offsite shredding services can be incorporated into everyday business to comply with Data Protection laws and improving Data Security.

Siliconrepublic an Irish based article site recently posted an interesting article regarding the future of Data security. Data Security is now more than ever vital for businesses to succeed. Technology has continuously improved and grown over the past number of years. The devices used has greatly helped smaller businesses compete with larger companies. With all this growth in technology aspects of the technology have being lost or information about it has become confusing and conflicting.

Data Security with technology will always be a continuous process. Between encryption, mobile devices and cyber warfare means that there will be no end to this process. Security experts can only protect against known breaches. Hackers have a small window of opportunity to work with.

Data Security Small Business

What does this mean for your business. For one, hiring a confidential shredding service that is also reputable and recognised by governing bodies. A shredding service must comply with Data Protection laws. A shredding service implemented within your business will ensure that you are protecting your data and improving data security.

Data Security is more than just electronic devices and digital data. Paper also contains data. Sensitive data in particular must be accessed and handled correctly. Who has access to this data and how this data is destroyed when no longer in use. A shredding service will handle these documents and devices and destroy them in a confidential and secure manor. ISO 9001:2008 is a good mark to look out for before hiring a shredding service for your business.

This type of data is what hackers and criminals try to achieve and will prey on human error to obtain this data. Dumpster diving will occur and if your documents are not shredded or only used a simple office shredder will not securely destroy data. Digital data can be accessed easily if the data is not encrypted or has not being wiped correctly. USB keys should be kept securely in your possession if they contain data. When shredding ask for the DIN level of shredding required to ensure secure data destruction.

Awareness to these methods is paramount to the success of your business and Data Security. If a data breach occurs then your business can be liable and receive a hefy penalty.

Read the full article here:

https://www.siliconrepublic.com/enterprise/2016/03/24/cybersecurity-future-of-security-hackers

Details for a confdential shredding service please visit:

https://www.securityinshredding.com/

Electric Ireland Phishing Scam Warning!

Posted on by
Reply

irish data breaches, Data Protection, Paper Shredding, Data Destruction

A Confidential document destruction service is one among many means of a businesses Data Protection. Data breaches can come in many forms and one method of a data breach is phising. When you hear reports of accounts being hacked or customer details have being released, this is one such method of doing this.

So what is phising?

A simple Google search of this question will provide you with the following answer

“the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers, online.”

It is common for these type of scams to target high profile companies with a large customer base. Hackers can produce “official” looking emails to trick people into giving their details. There are steps to help protect you against these type of attacks.

Below is an example of the malicious email in circulation:

Screen Capture of malicious email

Read the full article here:

https://www.independent.ie/irish-news/news/electric-ireland-warns-customers-over-sophisticated-phishing-scam-34587520.html

The article writes that the scam was asking customers click a link and enter their username and password. The way the email is worded to convince you that it is official. To the uneducated person this will look and feel official. Asking for your details in this manner is suspicious.

Also “Dear Customer”  should not be there. If it was an official statement then Electric Ireland would have your name in place of customer. Electric Ireland will have your name on storage and will be able to use it in documents.

The links to click are also displayed in a way to deceive you creating a link can be displayed to say anything.

Prevention against phising

  • If you suspect something the report it immediately as the company may not be aware of the issue.
  • Do not click on the links on the email and go through the Electric Ireland site to login
  • If you clicked on the link and feel your details were obtained then change your password immediately and report it to Electric Ireland.
  • Avoid clicking links that display as “here” or “Click Here” etc these can be misleading
  • Asking for your details through email is common practice.
  • Report any suspicious activity.

Microsoft have a detailed list to help protect you against phising scams. Awareness is key to scams like these the more you know the easier it is to protect your data and company reputation from data breach.

Microsoft Tips: https://www.microsoft.com/en-us/security/online-privacy/phishing-faq.aspx

For more information on Data Protection please visit our shredding specialist site

Data Destruction What Is It?

Posted on by
Reply

harddrive destruction, Media Destruction, Confidential Shredding Service

Off site document destruction and or onsite document destruction can be implemented for a purge clear out in business. Secure document shredding services in the Dublin area and throughout the country are necessary to comply with Data Protection laws.

Data destruction is the process of destroying data stored on tapes, hard disks and other forms of electronic media so that it is completely unreadable and cannot be accessed or used for unauthorized purposes. A good data destruction process in your company or business will ensure you are complying with data protection laws. Protecting sensitive data is paramount for a business and if data breaches occur a business or company will receive a hefty penalty if a breach occurs.

On Site Media Destruction Service

Incorporating a on site media destruction service to your daily business will benefit both you and your customers. In today’s market any form of a data leak or breach is a make or break for business and in particular for e-commerce businesses. A reputable confidential shredding service should be sought when the service is needed.

There are a number of reasons for getting your media and a good shredding service will be able to provide most of the following:

 

  • Hard Drive Shredding – Large Quantities

  • Data Erasure

  • Hard Drive Degaussing

  • Hard Drive Crushing

  • Hard Drive Shredding

  • Lockable Bins for Hard Drive Storage

  • Tape Destruction

  • Remote Employee Services

Off Site Media Destruction

Services needed do not always require an on site destruction. Medium to large businesses can avail of off site destruction service where bulk destruction can take place. A good and reputable shredding service would be able to accommodate this.

Knowing weather to go for a on site or off site service will come down to the business owner or manager and enquiring with the shredding service as to which option is recommended and most shredding services will offer free consultation.

Data Destruction Shredding Process

The shredding process of hard drives will occur in a secure environment and is destroyed beyond reconstruction to ensure its security Below is a video description of the shredding process.

 

For more information on Data Destruction and Data Protection or have any enquires about a confidential shredding service please visit:

https://www.securityinshredding.com/

 

Data classification and identification

Posted on by
Reply

Security In Shredding on site service, Onsite shredding service

Confidential shredding in Cork and throughout the country can incorporate a off site document shredding service to promote good business practice.

Internal Data classification and identification is when an Organisation tags their data so it can be managed effectively, securely processes, found quickly and destroyed appropriately.

It is a beneficial exercise for many Organisations as it helps to de-duplicate data stored on devices, this de-duplication vastly speeds ups data searches while also saves upon revenue in the form of storage capacity and back-up requirements for a given Organisation.

This exercise is also required for Organisations who need to meet legal and regulatory requirements for destroying the information beyond reconstruction, not holding information longer than necessary in addition to enabling an Organisation to retrieve specific information within a set timeframe.

Data strategies vary significantly from one organisation to another for many reasons. For example, many may generate different types and volumes of data that are subject to differing legislative requirement and responsibilities. The balance of information type can vary from one user to the next between e-mail correspondence, images, video files, office documents, customer and product information, financial data just to name a few.

It may seem a good idea to tag and classify everything within your Company database however experts here and abroad advise against this due to high costs and success rates within Organisations. Certified database technology is available for Organisations however; this method seems to work best for Governments with an allocated budget for the activity.

Alternatively, it is advised that Organisations can choose certain types of data to classify into the main segments of your business, for example; account data, personal data and commercially valuable data.

It is advised that an Organisation’s data is to be classified in line with their confidentiality requirements. It is important to carry out an information audit at this stage which in turn will give you an accurate view of the nature of the data.

It is essential for an Organisation to ensure that the data it is classifying is of good quality, “Common pitfalls for Organisations is that too much rubbish is allowed to accumulate, from duplication to copies of office party photos to personal letters to bank managers”, storage cleansing technologies are extremely useful at this stage to eliminate obsolete, trivial or redundant content.

Once the classification system is up and running it is important that management and staff take part in periodic reviews as it is not set in stone and business developments can translate to design changes in data classification.

Once the data has been classified an Organisation is empowered with the ability to tailor procedures for specific data in order to maintain regulatory compliance.

Secure Destruction of Sensitive data.

When destroying information whether it be hard paper data or digital data on data carriers it is essential for Organisations to ensure that they comply with regulations and are not proving to be negligent in their processes. For this reason, we have constructed three different protection classes for data that requires specific attention to ensure that the material has been destroyed appropriately.

 

Protection Class

 Risk

 

 Protection 1:Normal security requirement for internal data Unauthorised publication or dissemination would have a limited negative impact on the company. Protection of personal data must be ensured. There would otherwise be a risk to the position and financial situation of the affected persons.
  Protection 2:High security requirement for confidential data
Unauthorised dissemination would have a considerable effect on the company and could infringe legal obligations or laws. A personal data data-breach would result in considerable risk to the social standing and financial situation of the affected persons.
  Protection 3:Very high protection requirements for particularly confidential and secret data. Unauthorised dissemination would have serous terminal consequences for the Company and infringe upon trade confidentiality, place a data subject at risk of safety or freedom, break contracts and legal law.

It is essential that the confidentiality of personal data is maintained.

 

Destruction Tips;

Protection Class 1:

Destruction activities must be carried out in line with a detailed procedure, all staff carrying out destruction activities are to be trained. Alternatively, destruction processes are to be implemented and provided through a data processing firm receiving all data processing certificates for completion of destruction. All data is to be destroyed to shred No. 3 of EN 15713.

Protection Class 2:

Destruction processes of data in protection class No. 2 are to be implemented and provided through a data processing firm receiving all data processing certificates for completion of destruction. All data is to be destroyed to a minimum of shred No. 3 of EN 15713. The data processor must be registered for their services.

Protection Class 3:

Destruction processes of data in protection class No. 3 are to be implemented and provided through a certified data processing firm receiving all data processing certificates for completion of destruction. All data is to be destroyed to a minimum of shred No. 5 of EN 15713. The vendor must be independently certified to destroy paper and digital data beyond reconstruction and they must be registered for their services with the policing authority in the relevant Country.

Visit: https://www.securityinshredding.com/ for more information on a confidential shredding service.

Data Protection Ireland Today

Posted on by
Reply

Data proccesser and data commissioner

Secure document destruction in Ireland can come in the form of an onsite paper shredding service or an off site paper shredding service. Data comes in many forms and The Data protection Act is in place to ensure that this data is protected.

Data Protection is a vital for a business to succeed and remain in business. If customers or users know that your service does not protect your data. It will be a massive loss to business and business reputation. Your business can suffer from a severe penalty for not protecting your data.

An interesting article written by Colm Gorey titled “3 issues defining data protection in Ireland today  The issues discussed are relevant to today’s business. The 3 topics discussed were:

  1. ISO 27018: Cloud computing privacy standard – one year on

  2. Personal data and your right to access it — Ireland vs the UK

  3. Challenges to data protection under the internet of things

The first point talks about the governing of personal data through cloud based systems. Standards have being created to ensure the protection of data and were received well by Data Security experts. The ISO 27018 standard can be read here. Cloud computing has become a major asset to business functionality and knowing what cloud based systems are doing with your data should be investigated and researched when changes if any occur.

The second point refers to Irish and English law. Although both countries have similarities the law for each country does vary and in particular with personal data and access to it. Your business must abide by the rules in place of the country it is based in. A good example of how country laws differ can be read at this link.

Awards of Damages for Data Protection Breaches – UK and Irish Approaches Contrasted

Thirdly the internet of things (IOT) refers to the general use of internet and internet services. Governments and official bodies are trying to develop ideas or frameworks that will regulate the internet of things. What has happened is the EU 28 data protection bodies.

for more information on data protection and a confidential shredding service please visit: https://www.securityinshredding.com/