Posts

Paper Document Shredders: Fellowes Tears it Up!

,

fellowes-shredderFellowes Powershred

Who cares about document shredders in a digital world? You should. We were supposed to have gone paperless by now, right? Rubbish. Paper rubbish, in fact.

You and I both know that we use as much paper as ever. We sign up for electronic statements and then print and file them, along with important emails, financial documents, etc. Paper documents are more plentiful than ever, and they pose a significant risk of workplace identity theft and data breach.

According to a recent study conducted by the ASBI: 80% of large organizations surveyed indicated that they had experienced one or more data breaches over the previous 12 months. 49% of those breaches involved the loss or theft of paper documents. The average breach recovery cost $7.2 Million!

Many businesses fail to realize is that paper documents pose just as much of a risk to an organization as electronic documents.

Shredding is the most concrete form of identity theft prevention and the only way to help ensure that all confidential information included on paper documents remains just that…confidential.

I also know how important it is to find a quality shredder and one with cross-cut capabilities that fits your offices’ individual needs. Watch the video for more tips on proper shredding.

Not all paper shredders are created equal

I only use Fellowes Shredders. Here’s why:

  • Fellowes, Inc. is the leading shredder manufacturer, which means that it has a shredder for every situation, home or office. It is an established, reputable company that stands behind their products with research, warranties and education.
  • Fellowes shredders come with 100 percent Jam Proof technology, which means that they work when you need them most.
  • I love the SafeSense feature, which disables the shredding device if human fingers get too close. That makes it safe for my young kids.
  • They provide confetti shreds that are less than 2”, making it nearly impossible to re-construct the document.
  • They last!

Want to find out which shredder is right for your unique office environment? Use this Fellowes Shredder Selector Tool.

John Sileo became America’s leading Workplace Identity Theft Speaker & Expert after he lost his business and more than $300,000 to identity theft and data breach. His clients include the Department of Defense, Pfizer and the FDIC. Learn more about bringing John to speak at your next event by contacting him directly on 800.258.8076.

 

Data Breach Protection: Laptop Theft Best Practices

laptop-theftLaptop theft and mobile data theft (tape backups, iPhones, BlackBerries, USB drives) account for nearly half of the cases of serious corporate data breach and workplace identity theft. Your corporation’s data breach protection will be significantly improved by educating your staff on the following mobile data best practices:

Before you save sensitive data to any mobile device, it is your responsibility to:

  • Determine if your organization allows you to remove the data in question from the office in the first place. Are you allowed to save that database, Excel file, Word document, customer list, employee record, intellectual capital, etc. on your laptop, thumb drive or other mobile device?
  • Decide if it is absolutely necessary to remove it from the more highly-controlled and secure environment of the office. In many of the major cases of reported data breach, the data stored on the mobile device did not actually need to be there in the first place.
  • Verify that you have been authorized by your supervisor to place a copy on your device. When in doubt, check with your manager, supervisor or privacy officer to determine the correct course of action.
  • Exhaust all other lower-risk alternatives for accessing the data. In many cases, it is possible to utilize a secure remote access connection to access the data so that it never leaves the company premises. You lower your personal liability when you access the data through centralized, highly secure methods.

As you save sensitive data to the device, it is your responsibility to:

  • Minimize the number of records you transfer. If you don’t need the entire contact database, take only the records that you need. In case of a breach, this minimizes exposure.
  • Minimize the corresponding fields for each record transferred. If you only need names and phone numbers, don’t transfer additional account information such as address, account numbers, etc.
  • Consider de-identifying the data to render it anonymous. For example, if you track medical records using a Social Security Number but are transferring the data to do a high-level analysis of overall profitability, there is no need to include the SSNs in your transfer. Exclude that column from the data you take with you.

Before you leave the office, it is your responsibility to:

  • Attempt to encrypt the individual data file. In addition to encrypting the data device itself, it is possible in many software programs to encrypt the individual data file, giving an added layer of protection.
  • Make sure your data device has been encrypted. This will most often be the responsibility of your IT department, but it is your responsibility to verify that they have done their job.
  • Protect your device with a strong password that utilizes letters, numbers, symbols and upper/lower case characters where possible?
  • Protect the individual sensitive files with a separate, strong password. The programs that allow you to encrypt individual files will also allow you to assign individual passwords to the file.

Once you have left the office, it is your responsibility to:

  • Utilize a secure wireless internet connection only (e.g., in airports, hotels, coffee shops, etc.). Make sure your IT department has enabled WEP wireless encryption on your wireless device.
  • Run a secure firewall between your laptop and your connection to the internet.
  • Email sensitive data only when absolutely necessary and even then, use an encrypted, password-protected format?
  • Physically secure (lock down) the device when in transit (e.g., in your car, in the airport, in your hotel room).
  • Utilize [intlink id=”399″ type=”post”]Laptop Anti-theft Best Practices[/intlink]

When you no longer need the sensitive data on your device, it is your responsibility to:

  • Remove and electronically destroy all remnants of the sensitive files on your device (e.g., digital shredding, low-level formatting and occasionally, like in the case of DVDs, CDs and tape backups, complete physical destruction). If this task falls under the responsibility of your IT department, it is your responsibility to make sure, to the best of your ability, that they do their job.

If this seems like a great deal of responsibility, that’s because it is. In the information economy, our most valuable assets are the information that we collect, store and protect every day. As executives or employees of our respective organizations, it’s not just profitable to protect sensitive information; it’s also the right thing to do.

John Sileo speaks to corporations about data breach protection. His clients include the Department of Defense, Pfizer and the FDIC. Contact John directly on 1.800.258.8076 to learn more.