7 Questions Dealing With Sensitive/Personal Data

privacy-data-security

We live in a digital information age and how this information in gathered and viewed is through mobile or electronic devices. On site document shredding services will handle your paper data and also digital media to be destroyed securely.

Cyber liability, cyber security and information governance are terms that managers and directors are aware of due to high-profile data security breaches in recent events (“Panama papers”). Mason Hayes & Curran covers the critical questions these companies need to be asking.

In an increasingly interconnected world, with the expansion of the internet and development of the internet of things (IoT), there has been a corresponding increase in the vulnerability of information systems to attack.

The Cyber Security for Directors app with the Institute of Directors in Ireland has released an app to help heads of companies to understand their responsibilities regarding digital data security.

The app details the various types of cyber liability and cyber risks, while drawing together the key areas for directors to consider. It also outlines both proactive and reactive strategies to manage cyber security. The app is available on Android and iOS.

Technology has rapidly changed over the past 20 years and continues to grow. People’s reliance on digital devices both for storage and transmission of data, is making data breaches all the more damaging to organisations. How a mobile device operates both the front end (you) and back end(server) is not that transparent unless you have a good understanding of data transfers.

Knowing how this works is not essential but can make it easer to understand where the pitfalls lie within a device will benefit data security.

Where there is liability, there is a corresponding responsibility for that liability. As the duties of directors come increasingly under the microscope, it is clearly in the interests of directors to ensure that they understand their responsibilities in this area.

Below, we have outlined the key questions that directors should ask in relation to the collection and processing of data

1. Are we being transparent?

Data must be obtained fairly and the company must be transparent about the reason the data is being collected and the purpose for which the data will be used. Data must not then be put to a further incompatible use.

2. Do we have consent?

Consent is usually, but not always, required. If the information is non-sensitive, there can be implied consent. If the information gathered is sensitive (such as relating to an individual’s health, race, sex life, religious beliefs or trade union membership) then there must be explicit consent.

3. How long are we retaining data for?

Personal data can only be stored for as long as is necessary. There should be no retention of data ‘just in case’.

4. Are we collecting unnecessary data?

Data should only be collected if necessary. There are PR risks to any company if data is collected and stored unnecessarily.

5. Are we keeping the data secure?

You must have appropriate security measures to protect any data you are storing. Take into consideration the state of the technology you are using, the cost of implementation and the nature of the data and potential harm if a breach occurs.

6. Are we giving the data to third parties?

Are the third parties controllers or processors? In other words, on whose behalf will they use the data? If they are controllers, you will likely need consent for collection. If they are processors, special written contract terms are required.

7. Is the data leaving Europe?

If collected data remains within the European Economic Area (EEA), transfer issues do not arise. If the data is to be transferred outside the EEA then safeguards are required unless it is an approved country, eg Canada.

Check out www.mhc.ie for more information on Tech law.

Industrial paper shredding and media destruction are performed securely and confidentially by our team at Security In Shredding. For more information on our shredding or destruction services please contact us.

 

5 Data Security Tips To Protect A Company’s Sensitive Data

Secure Paper Shredding Hard Drive Shredding WEEE Destruction

For many small business owners, are aware of the potential data breaches that can occur. Secure document shredding is one method of data security but most people will think “It wont happen to me” and when it does happen it can cost the business upwards of €100,000 fine if data security was inadequate. For a small business, one data breach can destroy their reputation and customer confidence.

Below are 5 tips to implement data protection solutions that all small businesses can do today to protect their customers, their reputation and their people against data breaches:

  1. Implement a Clear-out Shredding Policy

Clear-out Shredding policies ensure all paper documents are shredded before being recycled or disposed. The Clear-out Shredding Policy removes any uncertainty around whether documents are confidential and require shedding. This simple step is one of the easiest ways to avoid human error including mishandling of confidential documents and files. In addition, all shredded paper is recycled, adding an environmental benefit to a security solution for businesses. Overall, it leaves little to be decided around the type of information that should not be deposited in recycling bins and waste paper baskets.

  1. Encrypt all electronic devices

Mobile devices are everywhere. There are more mobile devices than people in circulation. A workplace mobile will be used so employees can access the information they need remotely, which means company information may be exposed to greater security vulnerabilities. Encrypting all electronic devices is an important first step in securing information.

All electronic devices used by employees should be encrypted to protect sensitive data regardless for their own benefit and not just the company or organisation. In the event that electronic devices are lost or stolen, encryption will protect the information stored on the device and mitigate any compromising activity.

End to end encryption” is a term you should look out for especially when transferring data. Software applications can do the same function a number of different ways. Knowing how they operate is recommended.

  1. Maintain Clean-desk policy

A clean-desk policy encourages employees to clear their desk and secure documents in a filing cabinet or storage unit when they are away from their desk or office at the end of the day. This includes documents, files, notes, invoices, and removable digital media like memory sticks. Unattended and untidy work stations pose a greater risk as loose information is an easy target for theft. A clean-desk policy ensures that all confidential data is locked in a secure area.

  1. Protect Printers & Peripheral Devices

Implement a ‘best practices’ standard for printing confidential information. Encourage employees and staff to not leave documents unattended at a shared printing station. To strengthen security around printing stations, consider using passwords for printing jobs. A printer is connected to a network and can be an entry point for hackers to access a network. Any other peripheral device that’s connected to a network may need an added layer of security just in case.

  1. Designate a Security Manager

If your business or organisation does not have one, now is the time to assign someone to do it. While it is important to have senior management and leadership play a vital role in mitigating data breaches, engaging employees from all levels and cross-departments helps strengthen an organization’s focus and commitment on information security.

At Security In Shredding maintaining data security is a vital importance to us. We must comply with data protection laws. For more information on paper shredding and data destruction services, please get in touch with one of our staff for more information.

What To Keep & What To Shred: Document Retention Policy

Data Retention & data destruction

At Security In Shredding, document shredding is done with confidentiality and security is paramount when carrying out data destruction service. Data breaches occur when people are negligent or not aware of a breach. The most recent high profile story being the “Panama Papers” leak.

The Panama Papers is the latest mega data breach where millions of confidential documents from a Panamanian law firm were leaked, exposing offshore bank accounts – and possibly tax havens – for wealthy clients.

In light of this recent breach “I think we need to change the fundamental design of the way each and every document is created and managed,” –  commented Bill Anderson of cyber security company OptioLabs, in a cnet.com story about the Panama Papers.

While there are many aspects to data security, a sound document retention policy is one of the most important. Knowing what confidential documents to keep and which ones to permanently destroy should be of concern to everyone. Maintaining a clean desk policy will also help minimise the risk of confidential documents getting lost with other data.

This high profile case may sound like it won’t happen to you but the chances are that the data breach occurred by improper use or destruction of a data. All it takes is one wrong move for all your data to be accessed.

Below are some document retention policy guidelines to help keep your information secure.

  • Information Audits: Use audits to identify the types of documents the business produces, and to create an inventory and keep it updated.
  • How Long To Keep Tax Records? There are two parts to data retention: how long documents will be useful to the business, and how long they must be retained based on government and industry requirements. Checking with Revenue.ie on how long to retain your tax returns.
  • Fines – either way: While it’s law to keep certain documents, if you retain a record for too long you might also expose yourself to litigation risks and fines. Like most privacy laws, Data Protection Act compliance stipulates the record must be securely disposed of when the official retention period is over.
  • Emails: Records are paper files, digital documents, and correspondence including emails. According to wired.com, the Panama Papers leak included more than 4.8 million emails (as well as 3 million database files and 2.1 million PDF’s). If emails aren’t part of an important business or legal use or not subject to regulatory compliance, delete them within the appropriate time frame.
  • Controlled Access: Index all documents for easy retrieval. Store in a secure, locked location and/or in a password protected file. Control who can access sensitive documents and logging when this information has being accessed. Storing unwanted documents increases the risk of a Data Breach and adds to clutter.
  • Secure disposal: The only acceptable way to discard paper or digital documents when they are no longer needed is to completely destroy them. Industrial Shredding companies can dispose large quantity of documents, and outsourcing eliminates risk. Partner with a reputable shredding company that has secure chain of custody processes for information destruction. A Certificate of Destruction will document compliance and should be issued after every shred.

At Security In Shredding data security is equally important as confidential data destruction. An on site service or off site service is available throughout Ireland. Please visit our site for more information.

Minutes To Happen & Weeks To Realise; Data Breaches

Phising Most Common Data Breach

At Security In Shredding we ensure that all data processed by us is confidentially and securely destroyed. Data destruction is vital part of business practice. Data security is paramount to us and the success of a business. Preventative methods to improve your data security comes in many forms. IT security is an area that can overlooked due to newer technologies and people not aware of IT pitfalls.

A report from Siliconrepiblic writes about a common data breach method and is important that people are aware of such an attack. Knowing these potential risks is important is today’s high tech world. The article writes:

“Phising” What Is It ?

A Google search will give you the following definition:

“Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.”

Phishing is still the No 1 cause of data breaches and hackers are getting faster at breaking in, but firms are struggling and usually only find out weeks and even months later they have been breached, according to the 2016 Verizon Data Breach Investigations Report.

According to the report, in 93% of cases it took attackers minutes or less to compromise systems.Meanwhile, it took companies weeks or more to discover that an incident had even occurred.Worse, it was typically customers or law enforcement that sounded the alarm and not the organisation’s security measures.

‘A test we ran last year found that 23% of people that opened a message went on to open the attachment. In our latest report that has increased to 30%’
– LAURANCE DINE, VERIZON

According to the report, most reasons for breaches are money-related and cyber-attackers are indiscriminate and motivated by greed rather than revenge or some crusade.

Gone Phishing, Gone Data

Laurance Dine, managing principal in charge of investigative response with Verizon, told Siliconrepublic.com that phishing is still the chief method hackers use to attack organisations.

The report found that, in 2016, some 63% of confirmed data breaches involved leveraging weak, default or stolen passwords. Passwords such as “123456” and or “password” are used more often than you think 39% of breaches originate from victims’ own work areas and 34% from employees’ work vehicles.

Some 70% of data breaches involving insider misuse took months or years to discover.The report also revealed that new technologies like mobile and the internet of things are providing hackers with more ways of breaching an organisation’s systems.The industries most affected by data breaches are the public sector, healthcare and information.

Dine told Siliconrepublic.com that the data information was gathered from more than 67 partners worldwide and involved the analysis of 2,260 confirmed data breaches.

“There is still a serious information deficit when it comes to attacks. Attackers are getting into environments in minutes or days and it could be months and years down the line before anyone is aware of it and they usually hear it from law enforcement.

“Phishing is still the principal method of attack. A test we ran last year found that 23% of people that opened a message went on to open the attachment. In our latest report that has increased to 30%.”

“But if you are after the low-hanging fruit, the No 1 motivation for data breaches is still financial. Any data worth any value is a target.”

Read Siliconrepublic full article here: https://www.siliconrepublic.com/enterprise/2016/04/25/verizon-data-breach-report-2016

At Security In Shredding we strive to ensure that all documents and its data is processed securely destroyed on site or off site. Confidential shredding services are available throughout Ireland and we regularly operate in the Dublin, Galway, Limerick, Cork areas. Please visit: https://www.securityinshredding.com/

 

Addressing Incorrect Data Destruction Habits

Data Protection, Paper Shredding, limeirck paper shredding

Shredding confidential paper in a business must be done and there are legislations in place to protect against data breaches. Failure to enforce these laws or inadequate data protection in place by a business will result in a hefty fine of up €100,000.

Human error is is arguably the biggest cause of data breaches are caused by employees and contractors. Human error is not solely to blame. Even high profile hacking cases involve employees inappropriately clicking on links and allowing the bad guys in. It is quite easy with a little bit of know how you can be easily tricked and baited into clicking a malicious link that will cause a data breach.

When it comes to proper data destruction, or avoiding data breaches due to improper destruction of data and confidential information. It comes down to employees knowing the dangers and pitfalls of potential data breaches within the office. Despite any amount of training, however, there is one lesson too many data controllers have learned the hard way. In order to maximize compliance, proper disposal of information has to be easy for the employee.

Some organisations might require employees to use a shredder in the copy room which is not easy. So much so that it is not even reasonable to think they will consistently do it. Whether because of carelessness, workload issues, pressures outside work, or laziness, compliance failure is inevitable. Nor is it reasonable to give employees the discretion on what is destroyed or options on where information-bearing media should go. Whenever a recycling bin is next to a shred bin, it is easy to find confidential information in the recycling bin. Making this process as easy as possible for our customers is recommended. We clearly have each console labelled so our customers know exactly what we can and can’t take in our locked consoles. We provide staff awareness days to help businesses improve their data security.

Data Protection, Secure Paper Shredding

The same goes for IT asset disposal. Since employees are less likely to toss out computers, it can be less of an issue. However, leaving the decision to the IT department instead of dictating the procedure through security and compliance can cause a problem. With electronic storage devices there is no true way to destroy the data using software. A physical destruction of the device must be done to ensure data destruction.

Educate and Awareness for you and your employees benefits with proper data destruction. Contacting a Secure Confidential document destruction service to incorporate into the business practice will improve your data security and destruction.

For more information on a secure document destruction service in Ireland, then please visit: https://www.securityinshredding.com/ or

please like, share and follow us on Twitter: @Securityinshred

Adopting A Secure Document Shredding Strategy For Business

 confidential shredding, clean desk policy

A secure document shredding policy is integral to any business and protecting customer data is legislative. The Data Protection Commissioner implements the provisions of EU Directive 95/46. Not only are these regulations that require businesses to shred documents securely, but it is also part of running a business and maintaining a positive business reputation.

Why Businesses Need To Securely Destroy Documents?

Every day, companies create paper documents and these documents require shredding. Practically any document that contains data and especially sensitive data needs to be shredded. In particular data containing the following would be regarded as sensitive data:

  • Person’s Name
  • Address
  • contact information
  • Account Details
  • Credit Card Details
  • Budget Reports
  • Medical Reports
  • Payroll information
  • Legal contracts
  • Receipt Information

This is a snippet of what data to shred any and all documents should be securely destroyed by a secure document shredding service.

How This Data Can Be Used Against You?

Not only is forgery and fraud a major issue but also there is of course the potential for bad publicity, loss of customers and lawsuits to name but a few of the dangers. Identity theft is a common issue with data breaches. Criminals will use this data to either make purchases or obtain more data under the pretence of your name.
It is important that all businesses shred or destroy certain sensitive documents. Law enforcement, legal industries, government agencies, banks, health care providers, insurance providers, financial brokers, and real estate are just a few industries where managing paperwork is crucial.

How To Manage Business Documents Safely & Effectively?

A detailed security policy for every type of document your business handles is essential and employees need to know these policies before starting work.

For example:

What are the shredding requirements for the various document types that your company frequently uses? What are employees allowed to photocopy? Incorporating a reputable Confidential Shredding Company that has a good track record. While also training employees about the correct method of destroying sensitive documents and ensuring correct secure policies about how long to hold and when to destroy documents.  Access to company records should be controlled and restricted to a small number of trusted individuals and there should be rules relating to access of these records. A notification or logging system can also be in place to account for what and where data is being used.

At Security In Shredding we operate throughout Ireland and frequently do business in areas of Dublin, Galway, Limerick, Cork and Waterford areas.

For a more information on Shredding confidential paper Services & data destruction service, please visit: www.securityinshredding.com

Like, Subscribe to our Twitter: @Securityinshred

How to incorporate Recycling into Data Management Security

Improve Office Environment Usage

Many organisations are unfamiliar with how to incorporate methods of recycling in the workplace whilst maintaining Data Security. Shredding companies in Ireland can provide you with a recycling service for your business.

Security in Shredding recommend to have the following;

  • All open and unsecured paper recycling bins in the workplace replaced with Security in Shredding’s lockable office friendly consoles. The benefit of using these consoles is that you know your confidential documents are safe from prying hands and eyes. Your documents cannot be retrieved as the consoles have bevelled slots.
  • Each and every desk should have a specific paper waste bin that is used only for office paper waste. At the end of each employee’s working day, the employee takes the waste paper bin to the lockable console and empties the contents into the console. If an Organisation implements and enforces this process, it will greatly reduce the risk of a possible data breach. As many data breached are as a result of human error, the employer is not relying on the employees to distinguish the confidential paper from the non-confidential paper. This Policy is call a Shred-All Policy.
  • A service provider that employees security-vetted staff to conduct service deliveries. The client has assurance that the personnel whom handle the confidential documents have received extensive security awareness training and have a great understanding of Data Protection Legislation.
  • A service provider whom provides its onsite and offsite shredding services via shredding technologies that are certified to Shred No. 6 of the EN 15713 shredding standard. The benefit of having a Data Destruction Service Provider whom is certified to this shredding standard is that you have total peace of mind and you know that the shredding service is off its highest level.
  • The vast majority of organisations are Data Controllers. Therefore these Data Controllers should most certainly use a Data Processor to processes its confidential data when I reaches its end of life. A Data Processor should issue its client a Data Processing Certificate detailing the quantity of material destroyed, the material type, date of destruction, name and location of the client and the shred number and shredding standard the material was shredded to. The certificate is proof of destruction and allows the client to keep track of data destruction for compliance and other data management purposes.
  • Security in Shredding transport all destroyed paper material to licensed and permitted recycling facilities. The paper material is sent to paper mills. Printing ink is removed and the material is turned into pulp and it is then used to manufacture new paper products. An interesting fact; one tonne of recycled paper saves 17 mature trees and reduces carbon emissions.

By implementing these changes you are contributing to making your organisation greener and whilst increasing the level of data security. For more information on a paper / document shredding service please visit our site for more information.

www.securityinshredding.com 

Earth Day – Friday 22nd April 2016

Shredding Event & recycling

A paper shredding event in Limerick today. Recycling office paper is one of the simplest ways a workplace can do its bit to contribute to helping protect the environment and celebrate Earth Day 2016.

Security in Shredding is assisting Limerick City and County Council by participating in a waste prevention and recycling event at Mungret Recycling Centre from 1pm to 3pm. Not only are the members of Security in Shredding team going to be there to destroy your confidential documents but they will be there to assist both householders and SME’s with any questions they may have regarding the importance of data protection.

The question we need to ask ourselves is does your recycling process protect your confidential information?

“Earth Day was started in 1970 as a way to focus attention on the environmental problems on our planet. This year the Council is holding an event focusing on the 5 R’s, namely Rethink, Reuse, Restore, Repair and Recycle.”

In 1970, the movement gave voice to an emerging consciousness, channelling human energy toward environmental issues. Forty-six years later, we continue to lead with groundbreaking ideas and events throughout the country.

As security breaches are at an all-time high, it is extremely important that every workplace makes data security a priority in the day to day running of their business and incorporate green office strategies and resourcefulness in the actions and celebration of Earth Day every year.

This great public event provides SME’s and householders with a great opportunity to have their confidential paper material shredded on-site to promote Earth Day and the importance of Data Protection. “Shredded paper recycling, for example, saves trees. In fact, every two consoles of shredded and recycled paper saves one tree.”

So call down to Mungret Recycling Centre on the 22nd of April 2016 and avail of the fantastic facilities that are available to celebrate Earth Day 2016.

Security in Shredding look forward to meeting you there and answering any questions you may have. Join in on the conversation at @securityinshred

Common Mistakes Businesses Do When Maintaining Security Of Sensitive Data

Answer;              

Not properly classifying the sensitive information, managing it accordingly and in turn protecting it against current threats.

 

Secure Paper Shredding Hard Drive Shredding WEEE Destruction

 

As you read this from your mobile, tablet and or computer you are viewing data digitally. Paper shredding in Ireland and industrial paper shredding services offer data protection services for said devices. Knowing technology pitfalls is a massive part to data protection while also knowing how and when to share your digital information must also be considered.

There are three critical points to the proper protection of sensitive data.

  1. Data Classification

In line with European Standards; Companies must understand what data needs to be protected and create a Data Classification Policy. This policy in turn will classify data based on sensitivity. At a minimum three levels of data classification are needed.

    • Restricted: This information requires very high protection, Unauthorised dissemination would have serious terminal consequences for the company and infringe trade confidentiality obligations, contracts or laws. It is essential that the confidentiality of personal data is maintained. Otherwise there is a risk to the health and safety or personal freedom of the affected persons.

All data that reaches its end of life should be destroyed to a minimum of Shred No.6 of EN 15713 to ensure destruction beyond reconstruction.

    • Confidential or Private: This is moderately sensitive data that would cause a moderate risk to the company and could infringe legal obligations or laws if compromised. Access is internal to the company or department that owns the data. There would otherwise be a considerable risk to the social standing and financial situation of the affected persons.

All data that reaches its end of life should be destroyed to a minimum of Shred No.4 of EN 15713.

    • Public: This is non-sensitive data that would cause little or no risk to the company if accessed. Access is loosely, or not, controlled.

All data that reaches its end of life should be destroyed to a minimum of Shred No.3 of EN 15713.

 

  1. Encryption – All Organisations should have an encryption strategy in place to ensure all staff are aware and capable of utilising it correctly. The essential element to a good encryption strategy is to use strong encryption and detailed key management.

 

  1. Cloud Misuse – Essentially cloud storage translates to storing your data on someone else’s computer. When it is uploaded, the control over it is no longer only yours. Encryption should always be implemented prior to uploading to the Cloud. It is always advisable to read through the cloud providers policies with regard to handling data.

 

The most important thing for business is to be aware of the technology pitfalls. Secure document destruction in Ireland and its data protection laws are different to other countries. While the laws may be different country to country, the method of data breaches are usually the same. The more you know the better you can protect yourself and business from data breaches.

For more information on a secure document shredding service in the Dublin, Cork, Limerick or Galway area please visit: www.securityinshredding.com

Feel free to join in on the conversation @securityinshred

Reasons why having a “Clear Desk” Policy is beneficial for businesses today

confidential shredding, clean desk policy

A clear space, a clear mind. Paper shredding is a good habit to help clean up and also protect your data. Confidential document shredding service will help you clear out unwanted paper and documents that may have built up over the years.

(Shred your waste paper data)

It is the time of year for new beginnings, new healthy practices and in the business arena new accounting years. Even though we advocate best healthy practice we will now take a look at kick-starting some best practices for housekeeping within your place of work.

When looking around in your offices; are you looking at paper documents stacked in areas to be “Got to at some stage”, as we have begun new healthy habits in our personal lives it is also a great decision to look at implementing a clean desk policy also known as “waste paper procedure” within your offices.

Similar to a clean eating policy where you maintain clean and healthy macronutrients entering your body, a clean desk policy will direct your employees in maintaining a clean desk at all times during their working day.

We are all aware of the benefits of having a clean working area, “a tidy space equates to a tidy mind” however, a clean desk policy will also empower your Organisation to protect data in line with Data Protection Legislation.

Simple guidelines to protect your working data, whether the data is sensitive commercial data and/or personal sensitive data is to;

  1. Passwords and encryption upon electronic data carrier
  2. Have lockable cabinets within your office areas
  • Other suitable secure storage if/when required
  1. Once any of the data has been used and is no longer required you should insert it into secure consoles (Cabinets) awaiting destruction.

A well detailed and structured “Waste paper Procedure/Clean Desk Policy” really is of serious benefit to any Organisation and protects you in many ways such as;

  1. Saved money and resources
    Using a clean desk policy and having a certified vendor saves money upon downtime for staff in destroying old data
  2. Protect your Organisations Data and improve upon internal data flows

Detailing to staff that data digitalisation is the new company policy you will save money upon printing costs, increase efficiencies in data transfers and maintain business competitive with new data storage technologies.

  1. Data Protection law compliance
    It is essential for business to comply with the relevant Data Protection Laws in their jurisdictions, this includes not leaving it resting upon desks for casual bystanders to see the details; the Organisation in turn is protected from receiving for non-compliance fines and penalties
  2. Reduced data breach risk
    When private and sensitive information is protected from unauthorised view, there is less likelihood of information theft, fraud or a security breach, the costs of which can run into the £millions – in fines, reputation damage, and lost business
  3. Create a stronger reliability within your firm
    Ensuring that sensitive information is not left on desks will provide management with peace of mind that possible insider fraud is reduced to a minimum risk.
  4. Create a positive working environment
    As previously covered, a clean and tidy work space results in a clean and tidy mind enabling employees to be happy and consistent with their work duties and create an overall positive atmosphere within your workplace.

For more information, handy tips and beneficial help; Join the conversation on information security with Security in Shredding on Twitter @SecurityInShred.