Workplace identity theft isn’t caused by paper documents because we have gone paperless, right? Rubbish. Paper rubbish, in fact.

You and I both know that we use as much paper as ever. We sign up for electronic statements and then print and file them, along with important emails, financial documents, etc. Paper documents are more plentiful than ever, and they pose a significant risk of workplace identity theft and data breach.

According to a recent study* conducted by the Alliance for Secure Business Information (ASBI):

80% of large organizations surveyed indicated that they had experienced one or more data breaches over the previous 12 months. 49% of those breaches involved the loss or theft of paper documents. The average breach recovery cost $6.75 Million!

In other words, most businesses have already been breached and half of the time it was because of paper documents!

Fact: Every day, businesses manage highly confidential information (customer data, employee records, intellectual property), leaving themselves, their employees and customers vulnerable to an extremely costly data breach.

But what many fail to realize is that paper documents pose just as much of a risk to an organization as electronic documents.

Shredding is the most concrete form of identity theft prevention and the only way to help ensure that all confidential information included on paper documents remains just that…confidential.

As a two-time victim of identity theft (one of which resulted from un-shredded documents that went out in my trash), I know how important it is to shred confidential paperwork after use.  I also know how important it is to find a quality shredder and one with cross-cut capabilities that fits your offices’ individual needs. Watch the video above for more tips on proper shredding.

Fellowes Shredders Stop Workplace Identity Theft

I only use Fellowes Shredders. Here’s why:

• Fellowes, Inc. is the leading shredder manufacturer, which means that it has a shredder for every situation, home or office. It is an established, reputable company that stands behind their products with research, warranties and education.
• Fellowes shredders come with 100 percent Jam Proof technology, which means that they work when you need them most.
• I love the SafeSense feature, which disables the shredding device if human fingers get too close. That makes it safe for my young kids.
• They provide confetti shreds that are less than 2”, making it nearly impossible to re-construct the document.
• They last!

Want to find out which shredder is right for your unique office environment? Use this Fellowes Shredder Selector Tool.

John Sileo became America’s leading Workplace Identity Theft Speaker & Expert after he lost his business and more than $300,000 to identity theft and data breach. His clients include the Department of Defense, Pfizer and the FDIC. Learn more about bringing John to speak at your next event by contacting him directly on 800.258.8076.

*The web-based survey was launched August 12, 2008 and was closed August 21, 2008. Debriefing of respondents and analysis was completed August 30, 2008. The margin of error on all adjective scale and Yes/No/Unsure responses is: ? 3.5 percent. The final sample consisted of 819 individuals who work in IT operations, IT security, data protection and compliance in large organizations in a variety of industries.

Related posts:

1. Secure Document Storage
2. Workplace Identity Theft: Shredding
3. Auto Document Storage

Before you save sensitive data to any mobile device, it is your responsibility to:

• Determine if your organization allows you to remove the data in question from the office in the first place. Are you allowed to save that database, Excel file, Word document, customer list, employee record, intellectual capital, etc. on your laptop, thumb drive or other mobile device?
• Decide if it is absolutely necessary to remove it from the more highly-controlled and secure environment of the office. In many of the major cases of reported data breach, the data stored on the mobile device did not actually need to be there in the first place.
• Verify that you have been authorized by your supervisor to place a copy on your device. When in doubt, check with your manager, supervisor or privacy officer to determine the correct course of action.
• Exhaust all other lower-risk alternatives for accessing the data. In many cases, it is possible to utilize a secure remote access connection to access the data so that it never leaves the company premises. You lower your personal liability when you access the data through centralized, highly secure methods.

As you save sensitive data to the device, it is your responsibility to:

• Minimize the number of records you transfer. If you don’t need the entire contact database, take only the records that you need. In case of a breach, this minimizes exposure.
• Minimize the corresponding fields for each record transferred. If you only need names and phone numbers, don’t transfer additional account information such as address, account numbers, etc.
• Consider de-identifying the data to render it anonymous. For example, if you track medical records using a Social Security Number but are transferring the data to do a high-level analysis of overall profitability, there is no need to include the SSNs in your transfer. Exclude that column from the data you take with you.

Before you leave the office, it is your responsibility to:

• Attempt to encrypt the individual data file. In addition to encrypting the data device itself, it is possible in many software programs to encrypt the individual data file, giving an added layer of protection.
• Make sure your data device has been encrypted. This will most often be the responsibility of your IT department, but it is your responsibility to verify that they have done their job.
• Protect your device with a strong password that utilizes letters, numbers, symbols and upper/lower case characters where possible?
• Protect the individual sensitive files with a separate, strong password. The programs that allow you to encrypt individual files will also allow you to assign individual passwords to the file.

Once you have left the office, it is your responsibility to:

• Utilize a secure wireless internet connection only (e.g., in airports, hotels, coffee shops, etc.). Make sure your IT department has enabled WEP wireless encryption on your wireless device.
• Run a secure firewall between your laptop and your connection to the internet.
• Email sensitive data only when absolutely necessary and even then, use an encrypted, password-protected format?
• Physically secure (lock down) the device when in transit (e.g., in your car, in the airport, in your hotel room).
• Utilize Laptop Anti-theft Best Practices

Click here to view the embedded video.

When you no longer need the sensitive data on your device, it is your responsibility to:

• Remove and electronically destroy all remnants of the sensitive files on your device (e.g., digital shredding, low-level formatting and occasionally, like in the case of DVDs, CDs and tape backups, complete physical destruction). If this task falls under the responsibility of your IT department, it is your responsibility to make sure, to the best of your ability, that they do their job.

If this seems like a great deal of responsibility, that’s because it is. In the information economy, our most valuable assets are the information that we collect, store and protect every day. As executives or employees of our respective organizations, it’s not just profitable to protect sensitive information; it’s also the right thing to do.

John Sileo speaks to corporations about data breach protection. His clients include the Department of Defense, Pfizer and the FDIC. Contact John directly on 1.800.258.8076 to learn more.

Related posts:

1. Identity Theft for Businesses: Mobile Data Breach
2. Data Breach Increases 33% in 2010 and You’re Next
3. Data Breach Expert Sileo Talks to Fox Business