Why Company’s Need To Address Improper Document & Data Disposal

data destruction and collection service

Secure document shredding specialists deal with physical and digital data on a regular bases. How we handle this data is important to ensure confidentially. Confidential shredding and data protection go hand in hand to prevent data breaches occurring.

It is widely known that employees and hackers are biggest cause of data breaches. There have being high profile hacking cases involving employees inappropriately clicking on links that  permits the hackers access to the organisations network and software system.

In order to have an appropriate confidential document and data disposal system in place, you should firstly contact a service provider whom has ample experience in the industry with a 100% clean track record (i.e. an occurrence of zero data breaches). Such a Data Service Provider will be able to answer all your queries and concerns regarding how to implement a secure and efficient document management system – all the way to end of life documents as well as in-house training of staff and policies and procedures. “At the end of the day, you are relying on employees to manage confidential documents in a secure and confidential manner.”

privacy-data-security

In order for one to have piece of mind, a training programme should be established for the induction and on-going training (in-house) for the organisations employees. When the employees understand the importance of efficient and accurate Data Management and Data Protection Legislation; it minimises the risk of a data breach.

When the data reaches its end of life, it needs to be securely disposed of. This is where a certified professional Data Processor like Security in Shredding provides (at the clients choice) onsite and/or offsite data destruction. A company such as Security in Shredding are specialists in the entire area of Data Management. They have an unblemished record and provide a professional, certified and recognised data destruction services.

In order for an organisation to maximise compliance in the workplace, proper appropriate disposal of information has to be made easily accessible for the employee.

Security in Shredding do not recommend placing a recycling bin in close proximity to a printer of copying machine for example as employees can easily discard the unwanted copies or data into the recycling bin. However, Security in Shredding can implement secure lockable consoles throughout the building in specific locations as requested by the organisation and also in close proximity to the copying or printer machines.

If you wish to have a conversation with any of our Data Consultant Specialists, you can pick up the phone and dial +67 24848 or email us at info@securityinshredding.com.

6 Steps To Improve Your Data Security

privacy-data-security

Data is King. Protecting your data comes in many forms. Your confidential document shredding specialist will securely destroy any sensitive documents. Data protection is equally important as data destruction. IBM are a leading High Tech company and provide you with relevant information and software to improve your security.

IBM Security solutions for data security and privacy provide a holistic approach that helps prevent data loss while enabling data access to support business operations, growth and innovation. These solutions help you ensure regulatory compliance, defend against internal and external attacks, and can lower storage and data management costs.

IBM Security solutions for data security and privacy enable a layered approach to achieving data security that helps you:

IBM also provide a free software for you to assess and detect vulnerabilities. The software will detect weak passwords, any misconfiguration on your database. Read more about it here: https://www-03.ibm.com/software/products/en/security-guardium-vulnerability-assessment  

While IBM methods deal with digital data the crossovers and similarities can be applied to your paper data. Paper shredding services will also offer digital data protection and knowledge. Knowing these risks and implementing the steps to prevent a data breach will benefit your business or organisation in the long run.

Technology terminology can be confusing to understand but implementing security measures for digital devices is pretty straight forward. For more information on a data protection and security please contact us or visit our site for more information.

7 Questions Dealing With Sensitive/Personal Data

privacy-data-security

We live in a digital information age and how this information in gathered and viewed is through mobile or electronic devices. On site document shredding services will handle your paper data and also digital media to be destroyed securely.

Cyber liability, cyber security and information governance are terms that managers and directors are aware of due to high-profile data security breaches in recent events (“Panama papers”). Mason Hayes & Curran covers the critical questions these companies need to be asking.

In an increasingly interconnected world, with the expansion of the internet and development of the internet of things (IoT), there has been a corresponding increase in the vulnerability of information systems to attack.

The Cyber Security for Directors app with the Institute of Directors in Ireland has released an app to help heads of companies to understand their responsibilities regarding digital data security.

The app details the various types of cyber liability and cyber risks, while drawing together the key areas for directors to consider. It also outlines both proactive and reactive strategies to manage cyber security. The app is available on Android and iOS.

Technology has rapidly changed over the past 20 years and continues to grow. People’s reliance on digital devices both for storage and transmission of data, is making data breaches all the more damaging to organisations. How a mobile device operates both the front end (you) and back end(server) is not that transparent unless you have a good understanding of data transfers.

Knowing how this works is not essential but can make it easer to understand where the pitfalls lie within a device will benefit data security.

Where there is liability, there is a corresponding responsibility for that liability. As the duties of directors come increasingly under the microscope, it is clearly in the interests of directors to ensure that they understand their responsibilities in this area.

Below, we have outlined the key questions that directors should ask in relation to the collection and processing of data

1. Are we being transparent?

Data must be obtained fairly and the company must be transparent about the reason the data is being collected and the purpose for which the data will be used. Data must not then be put to a further incompatible use.

2. Do we have consent?

Consent is usually, but not always, required. If the information is non-sensitive, there can be implied consent. If the information gathered is sensitive (such as relating to an individual’s health, race, sex life, religious beliefs or trade union membership) then there must be explicit consent.

3. How long are we retaining data for?

Personal data can only be stored for as long as is necessary. There should be no retention of data ‘just in case’.

4. Are we collecting unnecessary data?

Data should only be collected if necessary. There are PR risks to any company if data is collected and stored unnecessarily.

5. Are we keeping the data secure?

You must have appropriate security measures to protect any data you are storing. Take into consideration the state of the technology you are using, the cost of implementation and the nature of the data and potential harm if a breach occurs.

6. Are we giving the data to third parties?

Are the third parties controllers or processors? In other words, on whose behalf will they use the data? If they are controllers, you will likely need consent for collection. If they are processors, special written contract terms are required.

7. Is the data leaving Europe?

If collected data remains within the European Economic Area (EEA), transfer issues do not arise. If the data is to be transferred outside the EEA then safeguards are required unless it is an approved country, eg Canada.

Check out www.mhc.ie for more information on Tech law.

Industrial paper shredding and media destruction are performed securely and confidentially by our team at Security In Shredding. For more information on our shredding or destruction services please contact us.

 

5 Data Security Tips To Protect A Company’s Sensitive Data

Secure Paper Shredding Hard Drive Shredding WEEE Destruction

For many small business owners, are aware of the potential data breaches that can occur. Secure document shredding is one method of data security but most people will think “It wont happen to me” and when it does happen it can cost the business upwards of €100,000 fine if data security was inadequate. For a small business, one data breach can destroy their reputation and customer confidence.

Below are 5 tips to implement data protection solutions that all small businesses can do today to protect their customers, their reputation and their people against data breaches:

  1. Implement a Clear-out Shredding Policy

Clear-out Shredding policies ensure all paper documents are shredded before being recycled or disposed. The Clear-out Shredding Policy removes any uncertainty around whether documents are confidential and require shedding. This simple step is one of the easiest ways to avoid human error including mishandling of confidential documents and files. In addition, all shredded paper is recycled, adding an environmental benefit to a security solution for businesses. Overall, it leaves little to be decided around the type of information that should not be deposited in recycling bins and waste paper baskets.

  1. Encrypt all electronic devices

Mobile devices are everywhere. There are more mobile devices than people in circulation. A workplace mobile will be used so employees can access the information they need remotely, which means company information may be exposed to greater security vulnerabilities. Encrypting all electronic devices is an important first step in securing information.

All electronic devices used by employees should be encrypted to protect sensitive data regardless for their own benefit and not just the company or organisation. In the event that electronic devices are lost or stolen, encryption will protect the information stored on the device and mitigate any compromising activity.

End to end encryption” is a term you should look out for especially when transferring data. Software applications can do the same function a number of different ways. Knowing how they operate is recommended.

  1. Maintain Clean-desk policy

A clean-desk policy encourages employees to clear their desk and secure documents in a filing cabinet or storage unit when they are away from their desk or office at the end of the day. This includes documents, files, notes, invoices, and removable digital media like memory sticks. Unattended and untidy work stations pose a greater risk as loose information is an easy target for theft. A clean-desk policy ensures that all confidential data is locked in a secure area.

  1. Protect Printers & Peripheral Devices

Implement a ‘best practices’ standard for printing confidential information. Encourage employees and staff to not leave documents unattended at a shared printing station. To strengthen security around printing stations, consider using passwords for printing jobs. A printer is connected to a network and can be an entry point for hackers to access a network. Any other peripheral device that’s connected to a network may need an added layer of security just in case.

  1. Designate a Security Manager

If your business or organisation does not have one, now is the time to assign someone to do it. While it is important to have senior management and leadership play a vital role in mitigating data breaches, engaging employees from all levels and cross-departments helps strengthen an organization’s focus and commitment on information security.

At Security In Shredding maintaining data security is a vital importance to us. We must comply with data protection laws. For more information on paper shredding and data destruction services, please get in touch with one of our staff for more information.

Summer Holidays? Tips to Maintain Data Security When You Work

data security when on holiday

Who doesn’t enjoy a holiday or time off. Scheduling a paper shredding service before the holiday or time off is recommended. This will help give a piece of mind that you are protecting your data and let you enjoy your holiday.

In today’s world employees pack their work tablets and have their smartphones with them when going on vacation/ holiday.

There are a number of employees who don’t like to fall behind in their work and like to stay connected wherever they travel to. This is possible due to the ever improving technology of wireless internet, smartphones, laptops, and tablets. These technologies have made it increasingly easier to work from home and from the side of the pool!!

But organisations may forget the importance of data security regarding these mobile devices. Many organisations have policies in place where by employees BYOD (bring your own device) and this permits the employee to use one single device for both work and personal purposes.

The upside is while employees remain productive outside of the office 24/7, the downside is that they can access corporate data from anywhere. The negative impact this will have is it increases the risk of data breach incidents and has created a whole new area of information security policies.

Security in Shredding have a few tips to ensure the confidential business information employee’s work on outside of the office remains secure;

  • Implement a Bring Your Own Device Policy and by doing so you are creating a culture in your organisation.
  • Implement a schedule regarding the organisations protection software whereby on set dates throughout the year the software is updated.
  • “Provide employee training and regular refresher training regarding information security best practises outside the office.”
  • Prior to leaving the office for a vacation, ensure to only take documents that are extremely necessary regardless of a hard copy of digital copy.
  • Only under extreme circumstances should you print confidential documents from electronic means outside the office.
  • If one must print off a hard copy, ensure that all documents are securely destroyed. At mentioned earlier scheduling a paper shredding or bag collection may be needed.

You can speak with a member of Security in Shredding’s Data Management Consultants for further information. Our mobile paper shredding service is available for scheduling.

 

Data Breach Incidents in Educational Institutions

paper-vs-digital

Shredding companies in Ireland are employed by educational institutions such as colleges and universities. These institutions are considered easy targets because of their open structure and long information retention periods.

Data Breaches have occurred in educational institutions ranging from lost laptops with sensitive information to targeted cyber-attacks and student identification cards. There are lots of other confidential data that is useful to attackers beyond payment data and student records; such as employee records, patient health information and scientific research data. Paper shredding or document shredding will reduce the risk of data breaches

Negative public exposure regarding a breach will have a negative impact on the reputation of the educational institution as well as the enormous knock on effect it would have regarding peoples data. In order to minimise the risk of any size of a data breach a Risk Reduction Strategy must be established.

Security in Shredding recommend a number of methods to include in a Risk Reduction Strategy;

  1. Data Security” has to become “second nature” within the colleges and universities from the top down. A Data Security Informational Event should be organised by the educational institutions to inform in a fun way, the students and employees the importance of data protection and data security. You could look upon this as a form of training – Knowledge is key.
  1. Make students and employees aware of the Data Security Policies and Procedures. Use means such as bulletin board, posters, newsletters etc.
  1. Regular risk assessments should be conduct on an on-going basis to identify where the gaps in information security exist and to establish and provide the solutions.
  1. Physical Security of all sensitive data is very important. Secure restricted authorised access for key personnel is an important measure to take to minimise the number of unauthorised access events.
  1. Maintain a “Clean Desk Policy” and place all sensitive paper records that is no-longer required in the lockable secure console that is provided by the contracted Data Destruction Service Provider such as Security in Shredding.
  1. Implement and utilise IT security tools such as firewalls, encryption, anti-virus software etc. It is important to protect both digital data and hard paper data.
  1. Establish and use a Document Management Process for the tracking of documents, generation, storage and destruction of documents.
  1. Use the professional secure recognised services of a registered data processor whom is an established Full Data Management Service Provider, such as Security in Shredding whom provides a complete secure chain of custody for your data needs.

If you would like to find out more about on site paper shredding and or off site paper shredding, contact Security in Shredding’s Data Consultant Team on 067 24848. They are glad to help.

4 Reasons Why A Paper Shredding Service Is Needed

Security In Shredding on site service

Paper shredding or document shredding is vital for protecting confidential and sensitive information / data. Most of us create and keep files with sensitive data; examples of which are bills, financial statements, marketing plans, employee files, and even delivery packages. Industrial shredding services are used by Government offices, non-commercial organizations, small and large businesses, and private citizens. These document shredding specialists will shred the documents securely beyond recognition.

1. Compliance With The Law

We all have the right to protection of personal information. The Data Protection Commissioner was put in place to enforce the obligations of businesses to protect data. Failure to comply, as there are laws that penalize improper disposal of documents with sensitive and confidential content. Businesses and Organizations that hold personal data but neglect to protect it face financial and legal consequences. Employers for example use paper shredding services to get rid of employee files which are no longer in use.

2. Positive Recycling Habit

Reducing the amount of paper used in an office is a good reduction method, while reduction also ensures that there is less of a chance data breaches from misplaced documents. The paper and documents shredded by a mobile paper shredding service will be put into a compost heap and reused at a later stage. This creates a good recycling method for your business and benefit the environment overall.

Data Protection, Paper Shredding, limeirck paper shredding

3. Preventing Identity Theft

Without shredding or destroying documents before disposing them, Identity theft is a possibility. All it takes is someone to simply look into a bin and grab what they can. With data now widely available is now more of an issue. Any data is far better shredded before disposal, all it takes is one piece of information in the wrong hands for a data breach to occur. These breaches are damaging for a business or organisations reputation.

clear out paper shredding

4. Eliminating Clutter & Hazards

Papers occupies space and cause clutter and increase the risks of fire. Once a document has served its purpose, offices need to constantly get rid of these papers as part of an organization-wide records management system. A paper shredding policy within an organisation for when to retain and destroy documents will help an employee to take care of the proper disposal and destruction of paper documents. However shredding services are available throughout Ireland and hiring a industrial paper shredding company is more cost effective.

Document shredding is important part of business practice. Mobile paper shredding services are available. Along with an awareness to data breaches and compliance with the law will ensure data security.

Security In Shredding provide high quality secure shredding services. They provide a Confidential Waste Disposal service both on site and off shredding available. If you are in the Limerick area then please visit our Limerick page for more details.

5 Best Practises Regarding Document Management

paper-vs-digital

Paper shredding is important practice for businesses in Ireland. A confidential shredding specialist will remove unwanted document and destroy them in a secure manner while also help remove clutter from the office.

Offices should avoid having files, documents and detailed paper information scattered on top of filing cabinets and desks. In every organisation regardless in size, it has a responsibility to manage the information it handles in a secure and organized way. It should be a priority or each and every organisation to minimise the risk of a data breach;

Security in Shredding have outlined below the top five best practises for Document Management whom they encourage every business to follow;

  1. Indexing & Filing:

    An organised document management system has an effective and current index system based on the file contents and compliance requirements. The organisation should manages file creation in an efficient manner whereby no duplication or irrelevant copies are filed and records retention periods are clearly labelled on the files or storage boxes. Security in Shredding would recommend implementing an electronic file tracking system to manage where documents are in their life cycle, and show whether documents are active, archived, or ready for disposal.

  2. Secure Storage:

    Sensitive data stored on hard paper data and e-data should be securely stored and protected either in locked cabinets or a locked room. Many organisations produce a substantial volume of paper as a result from employees conducting their duties, making notes, printing of emails, discussion notes, to do lists – the list goes on. It is just as vital that this paper production is securely stored in lockable consoles when the employee has not longer got a requirement for it. Security in Shredding encourage organisations to implement a Shred-all policy whereby all paper produced in the offices that is no longer required is placed in the secure consoles for destruction at a scheduled date.

  1. Limited Access:

    It is vitally important that limited access is maintained with hand-picked specific employees having the secure access to the file sharing system the organisation has in place. Security in Shredding recommend using a system that uses authentication and password protection to control access and track and manage who can view them.

  2. Retention and Destruction Schedule:

    All documents and files should be clearly labelled by what they contain, retention period, and end of life date. When documents reach their end of life they must be securely destroyed. Security in Shredding recommend outsourcing the destruction of all or any sensitive data to a certified professional whom are registered data processors. Also the Data Destruction Service Provider should provide a chain of custody from the time the material is placed in the secure lockable consoles to the secure removal of documents for shredding. The service provider should be able to provide certification for their ability to shred the sensitive confidential data to Shred No. 6 of the EN 15713 European Shredding Standard. A Data Processing Certificate should be issued post every service delivery.

  1. Staff Training:

    It is imperative that all employees are trained and fully understand the importance of Data Protection. Security in Shredding recommend every organisation to employee a Data Compliance Officer to enforce information security policy and ensure all aspects of Data Protection Legislation are adhered to.

If anyone has any queries regarding any of the important points illustrated, please do not hesitate to contact us to speak to our Data Consultants.

Our confidential document shredding services are available throughout Ireland. We regularly operate in the Limerick, Galway, Dublin and Cork areas.

Please visit our site for more information: https://www.securityinshredding.com/

Minutes To Happen & Weeks To Realise; Data Breaches

Phising Most Common Data Breach

At Security In Shredding we ensure that all data processed by us is confidentially and securely destroyed. Data destruction is vital part of business practice. Data security is paramount to us and the success of a business. Preventative methods to improve your data security comes in many forms. IT security is an area that can overlooked due to newer technologies and people not aware of IT pitfalls.

A report from Siliconrepiblic writes about a common data breach method and is important that people are aware of such an attack. Knowing these potential risks is important is today’s high tech world. The article writes:

“Phising” What Is It ?

A Google search will give you the following definition:

“Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.”

Phishing is still the No 1 cause of data breaches and hackers are getting faster at breaking in, but firms are struggling and usually only find out weeks and even months later they have been breached, according to the 2016 Verizon Data Breach Investigations Report.

According to the report, in 93% of cases it took attackers minutes or less to compromise systems.Meanwhile, it took companies weeks or more to discover that an incident had even occurred.Worse, it was typically customers or law enforcement that sounded the alarm and not the organisation’s security measures.

‘A test we ran last year found that 23% of people that opened a message went on to open the attachment. In our latest report that has increased to 30%’
– LAURANCE DINE, VERIZON

According to the report, most reasons for breaches are money-related and cyber-attackers are indiscriminate and motivated by greed rather than revenge or some crusade.

Gone Phishing, Gone Data

Laurance Dine, managing principal in charge of investigative response with Verizon, told Siliconrepublic.com that phishing is still the chief method hackers use to attack organisations.

The report found that, in 2016, some 63% of confirmed data breaches involved leveraging weak, default or stolen passwords. Passwords such as “123456” and or “password” are used more often than you think 39% of breaches originate from victims’ own work areas and 34% from employees’ work vehicles.

Some 70% of data breaches involving insider misuse took months or years to discover.The report also revealed that new technologies like mobile and the internet of things are providing hackers with more ways of breaching an organisation’s systems.The industries most affected by data breaches are the public sector, healthcare and information.

Dine told Siliconrepublic.com that the data information was gathered from more than 67 partners worldwide and involved the analysis of 2,260 confirmed data breaches.

“There is still a serious information deficit when it comes to attacks. Attackers are getting into environments in minutes or days and it could be months and years down the line before anyone is aware of it and they usually hear it from law enforcement.

“Phishing is still the principal method of attack. A test we ran last year found that 23% of people that opened a message went on to open the attachment. In our latest report that has increased to 30%.”

“But if you are after the low-hanging fruit, the No 1 motivation for data breaches is still financial. Any data worth any value is a target.”

Read Siliconrepublic full article here: https://www.siliconrepublic.com/enterprise/2016/04/25/verizon-data-breach-report-2016

At Security In Shredding we strive to ensure that all documents and its data is processed securely destroyed on site or off site. Confidential shredding services are available throughout Ireland and we regularly operate in the Dublin, Galway, Limerick, Cork areas. Please visit: https://www.securityinshredding.com/

 

10 Threats Against Data Security For Small Business

privacy-data-security

Bigger companies incorporate off site data destruction practices, small businesses often don’t have the financial resources to house large scale IT departments, purchase the latest and greatest technology or invest into data security.

Many a cash-strapped small business finds itself operating its critical systems on computers that are old, slow and often times insecure. This leaves them susceptible to a wide array of security pitfalls and privacy threats, including data leaks and identity theft.

Fortunately, beefing up your security doesn’t necessarily mean draining your bank account. There are many inexpensive options to improve the security of your small business and protect your information.

Geoffrey Arone, serial entrepreneur and co-founder of SafetyWeb, gave his take on 10 very real threats facing small businesses and how they can be addressed in ways that are free or inexpensive.

1. Data Breach Resulting From Poor Networking Choices
Enterprise-level networking choices that are found in large IT departments around the world carry costs that price small or medium businesses out of the market. SMBs that have networks often use networking devices targeted at home users. Some may forgo the use of routers at all, plugging directly into the internet.

Business owners can block most threats by using a quality router, like a NETGEAR or Buffalo brand router, and making sure to change the router password from the default to something more secure.

2. Data Breach Resulting From Improper Shredding Practices
Trivial as it may seem, dumpster diving identity thieves target businesses that throw out paperwork without shredding it. Your small office shredders will NOT suffice for a secure document destruction, but a industrial paper shredding company is a wise investment if private or sensitive information is printed and shredded daily.

3. Identity Theft Resulting From Public Databases
Individuals, especially business owners, often publish lots of information about themselves in public databases. Businesses are registered with governments, telephone numbers are in the phone book, and many individuals have social media profiles with their address and date of birth. Many identity thieves can use information obtained across various public forums to construct a complete identity.

4. Identity Theft Resulting From Using A Personal Name Instead Of Filing An OA
Sole-proprietors that have not registered a business name to receive “operating as” designation are at a far higher risk of identity theft due to their personal name, rather than their business name, being published publicly.

5. Tax Records Theft Around Tax Time
Businesses should ensure that tax returns are dropped off at the post office and refunds are collected promptly from the mailbox. Identity thieves often steal tax returns from an outbox or mailbox.

6. Bank Fraud Due To Gap In Protection Or Monitoring
Business owners know that it is vital to balance their accounts every month to ensure that checks are not being written out of business funds by embezzlers, but many businesses rarely, if ever, check what kind of credit accounts have been opened under the business name. Monitoring services like myID.com can alert business owners when new credit accounts are opened fraudulently.

7. Poor E-mailing Standards
Many businesses treat e-mails as confidential communications, but this is far from the case. They are available to a number of people other than the recipient. It’s more appropriate to treat e-mails as postcards, rather than sealed letters.

8. Failing To Choose A Secure Password
In fact, many security experts are recommending the use of a pass phrase, rather than a pass word. Pass phrases are several words long, at least three, and are far more secure than passwords. A pass phrase like “Friday blue jeans” can be typed far quicker than a complicated password, and it doesn’t need to be written down on a post-it. The length of a password increases security.

9. Not Securing New Computers Or Hard Drives
Businesses that had their IT system professionally installed may opt to upgrade a computer or two by themselves. This is strongly discouraged on a business network, as new computers must be professionally secured or else they pose a serious threat and an entry point for hackers.

10. Social Engineering
Social engineers are individuals that call and claim they are from another organization. They may even claim to be with a firm that a business owner does business with. If someone you do not know calls on the phone, be sure that it is the person you think it is before revealing passwords or confidential information.

For more information on a paper shredding or confidential document shredding service in the Cork, Limerick, Galway and Dublin area, please visit: https://www.securityinshredding.com/

Like, Subscribe and Follow us on Twitter: @Securityinshred