Data Destruction is Good For Business

Good businesses make an effort to properly manage and destroy information.  Sometimes it’s required by HIPAA or other regulations, and sometimes it’s just good practice.  Data destruction is often handled outside the organization by a data destruction service that’s NAID certified or holds some other XYZ certification.

Not Everyone’s Perfect

What happens when a destruction service employee is having a bad day?

Documents that should be shredded go everywhere.  Hundreds of documents.

This was a cold, windy day, and the documents were blowing everywhere.  The lone employee could not save it all.

This was both sad and funny.  This article was intended to be humorous, using the photo and the company’s tagline reassuring customers of its quality, but on better judgment the company name and tagline have been blurred (and any humor was lost with them).  Just like in real life – let’s explain it like a bad joke.  The tagline essentially said –

‘You can rest easy because we’re handling your data.’  

The irony.


Reasons Why We Shred Documents

  • Shredding documents helps to protect stakeholders from falling victim to identity theft
  • Customer information, including names, credit cards, routing numbers, etc., can put your customers at risk of attack, either by providing direct access to valuable information or by providing enough information to leverage in a spear phishing attack
  • HIPAA, PCI, and other regulations/laws require organizations to destroy data appropriately and in a timely fashion
  • When you’re investing resources into new products, business models, markets, etc., it’s important that your findings aren’t leaked to the competition, so properly handling and disposing of data ensures that you get to market fast and first

Types of Documents That Need Shredded

  • Business Documents
    • Strategic reports including product, sales, and customer planning
    • Legal contracts – enough said
    • Employee information – payroll, performance review, applications, medical records, etc.
    • Procurement – vendor records, purchase orders, confidential information, pricing sheets
  • Personal Information –
    • Documents that contain Date of Birth, Social Security Number, Name, Address, Telephone Numbers, Driver License Number, and more.  By no means is this comprehensive, so use good judgment to make sure you’re protecting your information.  If you aren’t sure why the Equifax breach was such a big deal, one of the reasons is that Equifax holds this information for a large percentage of the USA.
    • Account Information – Usernames and passwords written down or stored in a plain text file is like leaving a key to your safe in the safe. You’ll also want to shred account numbers, credit card statements, tax statements, bills, etc.  

Good Data Destruction

I’m not here just to complain, so here are my recommendations on what to look for in a good data destruction company.

  • Standards – There are plenty of good standards, and two that I recommend looking for are below.
    • NIST – National Institute of Standards and Technology
    • NAID – National Association for Information Destruction
  • Services
    • Options are key – you may need to reuse hard drives, or may need them out of site.  A good provider will have various options to give you exactly what you need.
    • Onsite data destruction means that a provider can destroy data before it leaves your premises, which is expected/required in certain situations
  • Recycling
    • Make sure your electronics won’t end up in a landfill
  • Auditing
    • Maintaining compliance with certain regulations can often require that you provide a data destruction paper trail.  Good data destruction companies can include this in their service.

Employees and Proper Destruction

Having the right policies in place for proper security is important, but that’s just the beginning.  Employees must be aware of your policies and understand how they play a role in protecting company and customer information.

Wuvavi provides an employee cybersecurity platform for training your employees on best practices, simulating phishing campaigns to raise awareness, and providing certifications/audit trails related to employee awareness.  If you’re not ready for an information security platform just yet, we recommend having a conversation with your employees about the role they play in your organization’s security – The Cybersecurity Conversation You Should Be Having With Your Employees.