How To Dispose Of Documents And Data Safely
How can companies dispose of documents and data safely?
The only way to protect documents and data from theft is to destroy them. It’s important to consider this because a data breach can cost a company millions. According to the 2018 Cost of a Data Breach Report (published by Ponemon Institute and IBM), a typical data breach will set a business back about $8 million. That cost is paid out over time, too, as it takes years for a breach to be completely resolved. In short, poor information security means your company is risking millions of dollars and thousands of hours of lost productivity.
Here’s how businesses can minimize those risks:
1. Work with an experienced shredding service – An experienced data destruction service uses industrial shredders to completely pulverize paper, plastic and metal, leaving nothing for thieves to recover. Industrial shredders are also equipped to handle volume, so they can destroy more documents and data faster.
Professional shredding services are convenient, too, because all your employees need to do is set aside anything that must be destroyed. There are simple ways of managing this, and a shredding service will travel to their client’s facilities, so nothing sensitive is transported by your employees. There’s a secure chain of custody from the office to the shredder, and beyond. Experienced shredders can detail this process for their clients and verify that the process was followed with a certificate.
This is superior to in-office shredders available for purchase, which are impractical for several reasons. For one, they’re built with flimsy, low power motors that won’t hold up with frequent use. In-office shredders also can’t handle staples, so your workers will waste their time pulling them out. They are also difficult to secure and don’t do a thorough job.
2. Don’t just wipe the hard drives – Deleting and even wiping data with dedicated software isn’t enough to guarantee information security. The software may only mark data for deletion, but keep the data on the drive, or there could be issues during data wiping that leaves some of it intact. Even partially overwritten data may leave behind critical pieces of information, and it’s impossible to know just how much critical data is left behind. If stolen, a single person with the right recovery software could pull all of that sensitive information off within days.
The only sure way to avoid this is to destroy the magnetic platter (or disc) inside the drive. There’s no magic to it and smashing the drive with a hammer could do the job, but that’s not office-appropriate or pragmatic. Industrial shredders leave nothing to chance and a professional shredder will ensure your hard drives are managed securely during the process.
3. Develop detailed retention guidelines – Before your employees can organize anything for destruction, they need to know what must be destroyed, and how that information is handled prior to destruction. A retention policy is needed to standardize these rules, even if a professional shredder is going to handle document destruction.
Retention guidelines should be put together with guidance of upper management, and upper management should know what the retention policy is at all times. It’s wise to limit the number of people who have access to sensitive data, as well, and detail who has access to what.
4. Track everything that needs to be destroyed – Important identifying documents usually must be kept for some time before they can be destroyed. Some documents may be destroyed immediately, but others may need to be stored for months or years. A crucial part of information security is destroying these documents on time, so personnel should be assigned to monitoring this process.
5. Secure documents and data prior to destruction – For maximum efficiency, it’s best to set aside everything for destruction before a professional shredder arrives at the facility. This will also ensure minimal distractions, as workers can get in and out with the documents. However, make sure everything is placed in a locked cabinet or console, as information can easily be stolen if it’s piled up somewhere with no organization.
6. Revise information security policies often – It’s fairly simple to keep physical documents safe before they are shredded. Secured rooms, security personnel and safes do a fine job of this. Data, though, is much tougher to defend, as it can be accessed through a stolen device, stolen user credentials or through the use of malware.
In light of this, companies should consider being proactive with revising security policies. Many businesses will do occasional audits of their data and physical document security, and this can help reveal pressure points. It’s also recommended that companies occasionally audit their document storage policies to check for any security risks.
There are many aspects to information security, including how your company disposes of documents and data. Professional shredding services know how to do both the right way, efficiently, conveniently and securely.