Our current business and private world still exists in a combination of paper and electronics for data storage. We are moving closer to a paperless condition, but we aren’t there yet and, given some laws, might not be for a while. Businesses continue to generate volumes of documents that contain proprietary and personal information as well as digital devices that house some of the most important data. As we move through our work days there is a critical need for the right kind of document shredding so that none of the paperwork lands in the hands of those that would illegally use it. Companies are continually upgrading their computer systems and this brings about the need to completely destroy everything that is on the hard drives and peripherals such as thumb drives. This entire topic falls under the category of document destruction and file management and in today’s world, it’s important for every company to understand the need to set up a schedule for destruction with a professional company.
Join thousands of other companies.
“The only company you will ever need.”
We are all familiar with the idea of network data breaches that we hear in the news, however, breaches in the use of documents that aren’t shredded and data devices that have pertinent information on them are some that have caused massive security risks. Data security risks have an associated cost of $5.4 million per reported incident. A report released by the Ponemon Institute, a company that conducts independent research on data protection and information security policy and the Cintas Corp. created a list of devices that present data security risks:
1. Old hard drives. Many discarded or unaccounted for hard drives contain confidential and recoverable information.
2. Copy machines. The latest generation of digital copiers has a hard disk that can often include sensitive information such as Social Security numbers and account numbers.
3. Fax machines. They contain hard drives that store data from each document they transmit.
4. Routers. Pirates using your Internet connection can not only slow down your connection, they can also gain access to confidential information.
5. Mobile devices. Businesses must put “Bring Your Own Device” or BYOD and mobile device policies in place to protect against the potential risk of a stolen or missing mobile device.
A majority of people don’t understand how data storage works on computers and thumb drives. If you thought just deleting the files and information would be good enough, you would be incorrect. When you delete a file or folder it is just a digital instruction to remove the “start and stop markers” of that file or folder. The information continues to be there and can be easily accessed by inserting new start and stop markers. All data remains on a hard drive or thumb drive until it is written over with new data.
Any time anyone hears the words “data destruction” a look of panic usually crosses their face. Very few would ever consider that destroying data would be a good idea, and yet it is a critical portion of protecting personal and proprietary information while also complying with state and federal laws. Companies make use of electronic media for the most important operations of their business and when this electronic equipment has reached the end of its lifecycle it must be securely destroyed. Overlooking this requirement has caused as much as 10% of secondhand hard drives to be sold over the net while still retaining personal information. Any company that doesn’t take these extra steps of data destruction can face fines and legal repercussions. This is especially true in the healthcare industry where HIPAA laws require the destruction of both paper and digital data containing patient information. A professional data destruction company can remove the devices, ensure that all data is destroyed, and supply a certificate of compliance.
There are various organizations that have established guidelines for data destruction but no laws that dictate that these guidelines must be adhered to. The NIST (National Institute of Standards and Technology) created the Guidelines for Media Sanitization as one of the best guidelines standards for data destruction. Additionally the IRS (Internal Revenue Service) offers their Publication 1075 regulations that apply to agencies that access federal tax information as part of security protocols. Some of the information in both guidelines refer to another created by the NSA’s (National Security Agency) Center for Storage Device Sanitation Research, which are some of the strictest of all standards, used by the CIA (Central Intelligence Agency), the DOD (Department of Defense) for all data that is listed as top secret.
There are a variety of methods employed by professional data destruction companies.
Although the theft of paper that had not been shredded was one of the original forms of information breach, the era of electronic data storage and networks offered hackers an easier method to remotely steal proprietary and personal information. However, as protection against these attempts have been stepped up many criminals are returning to stealing paper from the trash and landfills. There are state and federal laws set in place for businesses to require the destruction of personal information, and this is especially true in the healthcare industry that must comply with strict HIPAA guidelines.
After reading about data destruction, the topic of paper shredding might sound a bit mild. However, paper documentation is still a method used by criminals to access, use and sell private information. A lot of people assume that if they use a single-strip shredder that a paper document is destroyed. On the contrary, a single shredder simply shreds in a group of single whole pieces and, as we have seen in a number of movies and television shows, these can be taped together to reassemble a document. Today’s professional shredding companies make use of cross-cut and micro-cut shredders that shred paper into tiny little pieces. These methods are the only ways to ensure that a document cannot be pieced together for illicit purposes. Professional shredding companies are knowledgeable in the importance of total document destruction, taking security precautions in the pickup and shredding processes.
It goes without saying that every business, no matter what the size, must take proactive measures to ensure that all paper documents containing proprietary and personal information for their company or clients must be stored safely and securely and then destroyed at the appropriate time. There are a few steps that can be taken that help to reduce the risks of paper document breach:
Given the state of potential breaches for both paper and electronic devices, it’s important for every company to protect itself, its clients, and all proprietary information by developing a file management strategy. Below is some of the basics and while it might appear to be a lot of work, it can really be done in a single day.
It is more important than ever for companies to take actions to protect all information and data, no matter what format, to prevent theft and breaches. Criminals are more aware than ever before that businesses are constantly updating their devices, that employees often take company laptops and thumbdrives home, and that many of these devices are set aside without any thought when they are ready to get rid of them, with the exception of deleting files. Paper documentation continues to be of interest to those who want to steal personal and proprietary information.
Partnering with a professional data destruction company will help to eliminate the stress and anxiety knowing that they will destroy both electronic devices and paper in a secure manner and supply a business with a Certificate of Destruction that complies with all state and federal laws.
Join thousands of other practices working with US.
"The only company you will ever need."