It’s a new year! You want to start making some changes for you and your business, including improving the security in your office, but where should you start? Believe it or not, one of the easiest (and most important!) places to start is with your desk! Messy desks can be a liability, not only for you personally, but for your business as well. It can present potential scammers and thieves the opportunity to see private information that you weren’t trying to show to others! It also makes it a lot harder to know for sure whether or not something is missing – like an important file or document – and if you’re not sure, catching a theft will take even longer when your things aren’t organized. When you (and your team) are organized and are able to maintain neat work spaces, it takes stress off of all of you and can prohibit potential breaches. Studies have also shown that when desks are organized and clean, it promotes productivity and satisfaction among your employees!
When making changes, it’s best to start with baby steps, and those steps can and should include breaking some bad habits that you or your employees may have fallen into. Here is a list of some of those bad habits and how to change them – changing these things first will aid you in cleaning things up!
Lock your screens and use a password!
It may seem trivial, but because most business is conducted electronically these days, protecting yourself and your data by locking the screen of your computer (or other device) with a password or pin number is one of the easiest ways to utilize the options you already have for security. While it may seem tiresome, locking your screen can prevent the majority of issues you may experience, especially if you work on a computer most of the time. This also includes when you leave the office for the day – be sure to save and close out any applications or documents pulled up on your computer and lock it (or shut it down completely) before you go.
File and shred!
One of the easiest ways for a thief to gain access to private information is by casually looking at documentation left out on someone’s desk. When working with documents that contain private or personal information, make sure you use a filing system of some sort (filing cabinets or drawers, desktop filing, etc.) on or near your work area so documents aren’t left out, and be sure to close and/or lock those files away when you’re not working with them. And, most importantly, don’t just throw those documents away in a regular garbage or recycling can – shred them when you’re finished! Hopefully you’ve already considered (and put into place) a strategy for secure document destruction!*
Don’t leave it out!
Apart from stealing secure information from documentation left out, there are numerous ways you could be opening yourself up to security breaches just by the items you leave out on your desk. Items such as cell phones or tablets (that aren’t password protected), keys to drawers or filing cabinets, access cards to secure areas of your office, sticky notes with important info on them (passwords, login credentials, etc.), bags or purses (including wallets and/or credit cards) left unattended…all of these seemingly harmless things to leave out could be the easiest targets for someone to use to gain personal or private information from you, your company and/or your customers. If you use white boards for planning or writing things down, whether at your desk or in a meeting room, make sure you erase information as soon as you’re done using it. If you have a personal printer at your desk, don’t leave printed paperwork on it. Also, be careful about leaving your calendar open or displayed – calendars, while helpful, can leave sensitive information (names, dates, places, projects, etc.) out there for all to see.
Now that you know the bad habits to break, here are some additional tips to help you (and your employees) organize your space!
- Keep file folders and paperwork housed on your desk to a minimum – utilize a filing system (as mentioned above) so only the things immediately needed or relevant are available.
- Keep the personal mementos limited – don’t have more than three personal photos or keepsakes on your desk. Like leaving your calendar out, having too many personal effects out for all to see can allow someone to know more about you than needed.
- Maintain as much clear space as possible – if you can actually see the top of your desk, you know you’re keeping it clean!
- Limit the amount of office supplies in your space – only keep the necessities at the ready!
- Have a place to keep items secure – utilize a set of drawers or a file cabinet that can be locked for those items that MUST be secured AND keep the key with you!
Helping yourself and others in your workplace stay organized will not only make you feel better about your work, but it can and will protect your business as well!
*Secure document and data destruction is one of the most important things you can do to protect your company. If you are in the Birmingham or Huntsville, AL areas, be sure to contact Secure Destruction to help with all of your destruction needs!
As 37 percent of employees report that they work from home at least part of the time, more companies are becoming aware of the security risks of teleworking. Research also indicates that small- to medium-sized businesses are the most likely to be targeted by hackers looking for sensitive data, so it’s important that your business is protected from cyber theft. Whether you’re a manager authorizing the hire of remote workers or simply an employee who wants to telework, effectively addressing the hazards of teleworking can help avoid a serious information security breach and the associated legal costs.
Liability Concerns of Remote Working
When your company decides to allow teleworking, it still has the same obligation to protect sensitive client data as any other business. Your company may also have to follow certain legal acts, such as HIPAA compliance. It also needs to protect any proprietary data from rival companies.
If a data breach occurs at your company, it must report the data breach to any customers that it could affect. If your company offers credit monitoring, that could cost $10 to $200 depending on the service offered and the number of people affected. Customers affected by the breach could also sue your company if they can prove monetary damages.
If you’re a remote worker, and some proprietary company data is stolen from you, you may be liable for damages. Most companies require their workers to use specifically outlined policies to protect business property. If you don’t secure your computer or shred your work documents, your employer could sue you if someone steals that information from your home.
Planning to Protect Corporate Data
In a traditional workplace, your company can protect data by preventing workers from removing any sensitive information from the office. Your company can also isolate computers from the internet, which significantly limits the computer’s vulnerabilities to hacking. However, if your company allows remote working, it uses the internet to communicate with its workers. This leaves every piece of hardware that connects to the internet sensitive to hacking, ransomware and regular theft.
To reduce liability, your company should have a written plan that outlines exactly how data should be protected. Secure connections between at-home business computers and the company server is essential, and some security professionals recommend issuing a router to each remote worker. At the very least, your IT department should issue each remote worker a work computer that’s encrypted in case of theft. Your company may also want to consider purchasing cyber liability insurance, which would cover the credit monitoring and legal fees associated with a major data breach.
Of course, sensitive documents don’t only exist online. Secure document shredding ensures that sensitive business information and personal client information isn’t stolen by thieves with access to your trash. NAID-certified document destruction services ensure that no matter what information you have, you’ve ensured that the documents are responsibly handled. Also, once your business smartphone, laptop or computer no longer works, you should make sure that the hard drive, along with other storage media, is properly destroyed. Skilled criminals can overcome most hard drive deletion programs, so destroying the physical drive is the most secure way to protect proprietary data.
Remote working offers substantial benefits to both employers and workers, but it’s important not to ignore the security risks inherent in teleworking. By drafting and following a plan to secure data, documents and hardware, you can protect the reputation of your company and the clients that you serve.
The task of maintaining security for all the data you and your company manage on a day-to-day basis can be overwhelming. Trying to keep up with rules, regulations, laws, retention plans and destruction schedules not to mention budgeting for all that…it’s enough to make your head spin! And if you’re keeping up with other companies in your field, you may be wondering how much they’re spending to properly secure or destroy data. Let me tell you…there are companies literally spending a fortune! According to the cyber security firm Kaspersky Lab, even small businesses can spend an average of $38,000 of direct costs to recover from a security attack, along with indirect costs of $8,000. For a small business, a financial hit like that can be catastrophic.
Determining how much money to invest in data security starts with realistically appraising the threats (cyber or otherwise) that all businesses face. Smaller businesses (those businesses with fewer than 50 employees) may make the mistake of assuming that they’re less vulnerable because hackers only target the big guys. Sadly, in many cases, the opposite is true. A cyber thief or hacker may regard these businesses as easy targets precisely because they are usually lacking in essential data protection.
Know YOUR Numbers!
In most cases, especially for smaller companies, it has been a long time (if ever) since your last security audit by an IT company or a private professional. Having an objective evaluation done will establish a baseline, also known as a gap analysis, which you’ll need in order to plan your strategy for information security. How well-protected is the hardware and software you currently use? It’s extremely important, as we have mentioned before, to assess the types of data that need protection for your company, whether it’s financial, operational, customer, or personal information, as well as any risk factors for your specific business.
If you’ve already put a basic data security program in place, the cost(s) for regular upgrades won’t necessarily break the bank. Most of your expenses will more than likely go to maintenance and ongoing employee training (see below). If you’ve never considered the security of the data you manage, starting from scratch will typically require a more substantial initial investment. Be sure to do your homework and compare prices.
Improving Security on a Budget
Your company can take several easy steps to improve security without spending more than you can afford. Being aware of and improving the internal security of your business is essential. If you do your research, you can easily find popular and less costly software security packages, including antivirus and anti-malware products and application firewalls. Utilizing an information security professional to audit and set up your system can be well worth your investment, according to Joseph Steinberg, cyber-security expert, in his article about budgeting for security. He also notes that hiring a professional will end up paying “for itself many times over in terms of time, money, and aggravation down the road.” Steinberg mentions covers a number of best practices in his article, but truly knowing your company will be your best defense, and that will aid you in budgeting correctly for the security your company needs.
Training is KEY!
In addition to choosing the appropriate and budget-friendly security for your business, make sure you train and choose the right employee(s) to be in charge of the changes and the ongoing maintenance for your business. Your company can be as secure as possible, but if you have employees who don’t understand or don’t take seriously the importance of that security, you may be wasting your time and money. You have to remember that even your company can be a target, and it is imperative that your employees know the same thing. “Even a single short conversation can help employees understand that they are targets,” states Steinberg. “People who believe that criminals want to breach [company data] act differently than people who don’t understand this reality.” Only give employees access to the necessary systems and information for their job – if you have a breach within your company, or the security of one employee is compromised, it will be much easier to contain the damage if you are well aware of who has access and what they have access to. Security training materials can be found online, and many are free. Training will more than likely be an extra cost at some point, but when the security of your company is on the line, training may very well save you money in the long run!
Depending on the needs of your company, you don’t have to spend a fortune to secure your data. By doing the proper research, knowing your company and its needs, budgeting appropriately and having well-trained employees, your business and your data should be secure for a long time to come!
Once you have made the smart decision to hire a document destruction service and have received your security container, you are ready to start filling it. Hopefully, you have prepared by determining what documents you have that need to be destroyed securely and gathering everything that needs to be shredded. Once you know what type of documents need to be destroyed, you can start hauling out all of those old files.
Using a document destruction service will save you so much time compared to using a small, in-office shredder, but here are a few tips to save you even more time and effort.
All things paper
Manila folders, envelopes, file folders, etc. are perfectly acceptable to go in your shred console. Laminated paper, card stock, any type of paper, all totally fine. That’s what your security container is made for, after all. Most consoles have a weight limit that you should be aware of and your document destruction service can help you figure out what size you need when you get set up.
Don’t worry about staples or paper clips
The machinery used by a professional document destruction service can handle all of those things to save you time from removing them first. Staples, paper clips, brass fasteners, etc. – good to go!
Avoid 3-ring binders and large binder clips
It’s best to remove these first. On the plus side, they are easy to spot and resusable. It’s not the end of the world if any of these ends up in your shred console, but you should make a note to tell your document destruction service worker when they come to pick it up so that they are aware of it.
Media such as hard drives, thumb drives, CDs, etc. are picked up separately
Properly destroying any of these items that contain sensitive information is just as important as shredding paper files. Simply erasing a hard drive does not guarantee that that the information is unrecoverable. A document destruction service is able to pick up these items and physically destroy them so that they can never be hacked or recovered.
Secure Destruction providers our customers with a complimentary security container and we will deliver it to your location free of charge. We offer three sizes including a 35-gallon executive console, a 65-gallon rolling, lockable tote and a 95-gallon rolling, lockable tote. Each one holds 75, 200 or 300 pounds of paper, respectively.
We are fully compliant with FACTA and HIPAA guidelines to ensure the complete destruction of your sensitive materials. You will have complete peace of mind knowing that your data cannot be breached or stolen when we securely destroy your documents, hard drives, CDs, memory cards, etc.
Our friendly, trustworthy staff is ready and willing to help you with any questions you may have regarding your shred console or your service contract.
Contact us with questions or for a quote at (205) 453-1468 for the Birmingham area or (256) 534-5130 for the Huntsville area.
Whether you own or manage a small business or a large corporation, regardless of industry, chances are you have lots of sensitive data stored on computer media or paper files. Anything from consumer credit card information to names and addresses, medical histories, confidential information and more must be kept secure and safe from those unauthorized to access such information.
You may think that data breaches only occur with very large companies, but the truth is they affect hundreds of small businesses every week. And with identity theft, computer hacking and data breaches on the rise, it is more important than ever to practice information security, as well as to properly and securely collect, store and destroy data, because any business who fails to be in compliance with federal guidelines can face strict fines.
Why Destroy Documents?
Most businesses don’t need to keep every bit of information forever. Outdated data can be disposed of to make way for new files and backup drives, but it must be done so in a way that ensures the data doesn’t fall into the wrong hands. In fact, many data breaches occur simply due to files and hard drives not being disposed of properly. That’s why many businesses utilize the professional services of a company that specializes in document destruction, paper shredding and product destruction.
However, one must be wary of companies that do not supply a Certificate of Destruction. This important document serves as physical evidence and as a guarantee that all supplied files and media have been properly and thoroughly destroyed. Without this document, there simply is no guarantee that every last scrap of paper or data drive was shredded or disposed of, which simply is not acceptable.
Information Security and the Certificate of Destruction
Any reputable Information Security company will supply a Certificate of Destruction, which is needed for accountability should something unfortunate occur with any of the documents that were supposed to have been destroyed, such as a data breach. The Certificate of Destruction puts the responsibility of shredding and document destruction on the shoulders of the Information Security company, rather than on you.
It is extremely rare that a reliable, qualified service provider will miss or improperly destroy data, but if something does accidentally escape destruction, make sure your provider has Downstream Data Coverage Errors & Omissions insurance.
The Certificate of Destruction and Compliance Laws
There are both state and federal laws regarding the collection, storage and destruction of data. HIPAA regulates medical-related data, while FACTA is an organization that regulates other types of sensitive information. For peace of mind and to be in compliance, it is a wise choice to utilize the services of a professional company that provides a detailed Certificate of Destruction.
The Certificate of Destruction typically includes details of the procedures used to destroy data, whether documents and data drives were destroyed, and in what quantity. Depending on your industry, you may need to show a Certificate of Destruction in order to prove that documents and data were destroyed in accordance with the laws, as well as to remove the burden of liability.
For more information about document destruction, shredding and hard drive destruction, contact the professional and reliable Information Security experts at Secure Destruction, located in Birmingham and Huntsville, AL. Our team will be glad to answer any questions you may have about shredding and data drive destruction, and also provide you with a quote for the services you would like to have performed.
Play it Safe!
When dealing with important and secure documents, sometimes it’s hard to know what can be destroyed or what should be destroyed. In most cases, it’s best to play it safe – there are times when you don’t even realize that there is personal information on a document unless you take the time to carefully review each page. All companies have documents that contain personal information (i.e. customer information, SSNs, addresses, phone numbers, medical information, etc.) or legal information (i.e. business data, financial/banking information, passwords, etc.). Playing it safe pretty much means shred it all and shred it often!* If there’s any question about whether or not identity theft could take place or information of other sorts stolen, then shred it! Like we’ve said before, it will not cut it to simply throw documents in the trash or the dumpster – the threat of identity theft is costing companies more and more these days, so you do not want to take any chances.
Don’t Recycle – Shred!
Some companies think it’s okay to simply recycle their documents – this is not a good practice, especially when dealing with the personal information that your customers have entrusted to you. According to Consumer Reports, identity thieves are targeting recycled paperwork to obtain people’s personal information, even going as far as to seek out recycling facilities to see what they can find. While a lot of your documents may not be used to actually steal someone’s identity, they can still contain information that you (and more importantly, your customers) wouldn’t want strangers to see.
How do I know what specific types of documents need to be destroyed?
A lot of companies are unaware of the laws and regulations for secure destruction of important documents and information, which, when not complied with, could result in lawsuits, fines, etc. This seems to be especially true for smaller organizations. There are numerous acts that have been enacted by the U.S. lawmakers mandating rules and regulations for document destruction:
- Health Insurance Portability and Accountability Act (HIPAA). This law governs any organization that handles protected health information, including Social Security numbers, prescriptions and other medical records.
- Personal Information Protection and Electronic Documents Act (PIPEDA). This Canadian privacy law (as applied to U.S. businesses working with Canadian companies and/or information) protects personal information being handled by private sector organizations, and provides guidelines for the collection, use and disclosure of that information in the course of commercial activity.
- Fair and Accurate Credit Transactions Act (FACTA). The Fair and Accurate Credit Transactions Act of 2003, which applies to all creditors and credit reporting agencies as well as financial institutions with “covered” accounts, protects consumer information collected by lenders and credit card companies. It preempts state laws.
- Sarbanes-Oxley Act (SOX). This law governs all public companies in the U.S. and all accounting firms, as well as international companies with debt security or equity registered with the Securities Exchange Commission.
- Gramm-Leach-Bliley Act of 1999 (GLB). This act lets financial institutions (banks, insurance companies, financial services companies and investment firms) consolidate their banking and investment offerings. It requires those companies to safeguard customer records.
- Red Flags Rule by the Federal Trade Commission (FTC). In 2015, the FTC determined that
the term “Red Flag” refers to a pattern, practice or specific activity that indicates the possible existence of identity theft. The Red Flags Rule requires many businesses and organizations to implement a written Identity Theft Prevention Program designed to detect the warning signs – or red flags – of identity theft in their day-to-day operations.
Once you determine the rules and regulations for your state and your business, that should determine what needs to be shredded, how often, and in what way (And don’t forget about the electronic data your company may be storing – hard drives, tablets, thumb drives, etc.). There are a lot of resources out there for setting up a policy and a plan for secure destruction, and in today’s culture, you can’t be too safe. If you need help in this area, and you’re located in Alabama, near Birmingham or Huntsville, be sure to contact Secure Destruction. Be a company that your customers can trust – your business depends on it!
*Always consult legal or financial professionals to determine document retention best practices.
It’s that time of year again!
With the end of the year closing in, it’s time to haul the boxes of old documents out of storage and get rid of them to make room for this year’s filing. It’s important to remember that documents with personal information need to be handled with care. Throwing the boxes in a dumpster won’t cut it, especially with the threat of identity theft on the rise. You could be held liable if it’s proven that an identity theft occurred due to the mishandling or improper destruction by your company of documents with sensitive personal information.
“The cost of identity theft to businesses and financial organizations is staggering — $48 billion last year alone and another $5 billion in reported losses to individual victims,” according to AccountingWeb.
To be sure that your documents are destroyed completely and securely, hiring a shredding company will save you time and money, as well as guarantee your peace of mind. Using a professional shredding company to handle this task can give you the gift of one less thing to worry about during the rush of the holiday season.
In just a few simple steps you can check “document destruction” off your to-do list.
Gather all documents that need to be shredded
It’s important to know what type of documents you have saved and how long you need to keep each type of document. With that information handy, you can easily determine what needs to stay and what can be shredded. Put everything you have gathered in one safe location until your shredding appointment.
A tip for making this process even easier next year – stamp a retention date on each document and for that year, file all documents of that type together. On the outside of the box, print the date the documents can be destroyed.
Contact a shredding company for a quote and services offered
There are several different types of shredding companies with varying services. Identity theft has become increasingly common and regulations are tightening. You want to find a shredding company with a comprehensive security plan in place to protect your business.
The National Association for Information Destruction has a certification program for information destruction operations. Using a NAID certified shredding company adds a layer of protection and confidence when choosing whom to work with. By using a NAID certified Information Destruction Company, you can be assured you are hiring a company you can trust.
Schedule a Shredding Date
Get it on your calendar! Setting a date with the shredding company will motivate you to get organized and prepared. A little bit of work now can save you a lot of energy later, not to mention office and storage space. If you’re already behind on document destruction, what better time to take care of it so you can enter the New Year with a fresh start.
If you don’t know where to begin when looking for a shredding company, contact Secure Destruction. Secure Destruction goes above and beyond the industry standard of security and offers affordable rates. Their triple assurance guarantee protects you before, during and after the shredding process. Three of the great features of this guarantee include: background checked employees, unannounced audits and the use of U.S. pulp mills to eliminate any chance of your information being recovered or shipped overseas. In addition, Secure Destruction is fully licensed, bonded, and insured.
Don’t forget about electronic media (hard drives, phones, tablets, thumb drives, etc.), Secure Destruction can destroy these as well!
Today is the day to add, “document destruction” to your annual year-end checklist. Start by calling (205) 453-1468 in the Birmingham area or (256) 534-5130 in the Huntsville area to speak with a professional or visit www.SecureDestruction.net for more information. In no time you’ll be checking it off your list.
With the 2015 introduction of EMV credit cards in the United States, you might expect that identity theft is decreasing. However, last year, lost $15 billion to identity thieves, which represented an increase of 400,000 victims from 2014. So why is identity theft still on the rise, and what can we do to protect ourselves?
Understanding Identity Theft
Identity theft isn’t a new concept, but the techniques used to commit fraud have shifted this year. Because the new chip cards are difficult to duplicate, criminals are using your personal information to in your name. Even if you check your credit report regularly, it’s possible for a new account to be completely overlooked. Plus, with the holiday rush before us, it’s easy to skip financial best practices (like checking your credit report monthly) in favor of celebrating.
If you’re a business owner, you’re a top target for identity thieves if you collect any type of personal data from customers. You’re also subject to criminal or civil liability if you don’t properly protect that information. Failure to prevent identity theft could permanently impact your professional reputation.
Identity theft has also expanded into unexpected arenas. In 2014, research found that medical identity theft cost an average of and had increased more than 20 percent from a year ago. And unlike other forms of identity theft, people making $50,000 or less were likely targets. are also victims of identity theft — criminals use their Social Security numbers to open new accounts, work under new identities and steal government benefits.
Protecting Yourself From Identity Thieves
As a consumer, checking your credit report and financial statements for unauthorized use doesn’t stop identity theft — it only lets you know that theft has occurred. Once you’ve noticed a problem, you’ll still need to contact the police and the defrauded company. And if you’re a business owner, you may not even know your customer’s information was stolen until you hear from irate clients. So instead of reacting to fraud, it’s important that you actively work to prevent it by eliminating areas where criminals can find your information.
Securely shred any documents that contain any type of personal, financial, medical or business information. Unless you want to purchase a high-end cross-cut shredder, consider using a certified shredding service to securely dispose of any paper documents. Individual households can drop off their documents at a shredding office. Businesses can request mobile shredding so their documents are shredded before leaving the premises. Or, companies can schedule a regular pick-up service for sensitive data.
Next, make sure your electronic information is secure. Use a password manager to create and store strong and unique passwords for every account. Regularly evaluate your firewall and virus scanner to make sure they are up to date and functioning. And don’t forget your smartphone when you’re auditing your digital security.
At your business, make sure you’re following professional standards to prevent theft of customer information. Limit access to any client information unless a specific worker needs it. Require dedicated logins for each employee, and consider external audits to uncover vulnerabilities.
Hard Drive Destruction
New electronics are a favorite Christmas gift, so you’ll probably have some older models cluttering your house in the new year. Instead of throwing away an old computer from your house or business, it’s important to completely destroy the hard drive to prevent identity thieves from recovering information. Deleting information isn’t enough, and some programs that obscure hard-drive information can be cracked by professionals.
Avoiding Identity Theft in the New Year
Don’t let identity theft ruin your life or business in 2017. With an average individual financial loss of , paying for document destruction, information security services and hard drive destruction could be the best investment you make this year.