Is Document Shredding Still a Thing in This Digital Age?

Document shredding seems to have fallen out of favor. I recently received some questions from a client wondering if, in the age of remote massive database breaches by pajama-clad hackers, we should still shred our sensitive documents.  If it is so easy to access it digitally, then why would anyone go through the arduous, dirty work of old-fashioned dumpster diving?

In case you have the same questions, here are my thoughts:

Is Identity theft via paper still an issue in this digital age?

Without even a moment’s hesitation – YES IT IS! It no longer gets the press it used to and dumpster diving, physical file theft and the like never account for the sheer volume of identities stolen (it’s more profitable and efficient to hack a million IDs at a time from Facebook or Equifax), but they are still part of the criminal toolkit, especially for local criminals (who don’t have hacking experience) and especially for organized criminals that need small bits of information from a target before they socially engineer them to hand over the keys to the kingdom (e.g., gaining their trust to manipulate them out of their user login credentials at work based on information from physical documents, embarrassing trash, etc.).

Do people still need to shred all of their paper documents? 

The initial answer is no, because that information is already out there in volumes. The wiser answer, from a habituation perspective, is yes. In 30 seconds a day (if your shredder is convenient), you can shred everything with personal information on it. That way, when it does have something more valuable (account number, last four of your SSN or any of those small bread crumbs that lead to greater levels of trust and access), you have already established a good habit. When users are advised to just shred X or Y, instead of everything personal, they eventually forget or give up because the volume is too low.

Are cross-cut document shredders enough or should we use higher-security micro-cut shredders?

For the average person who doesn’t work in a defense-related, finance-related or health-related job (you get the idea), I think that a simple confetti shredder is plenty sufficient. There is technology out there to recreate documents, but that isn’t really the concern of your average reader. If they have security clearance or deal with highly sensitive information from work in their home, then yes, the higher-end shredders are better.

The Achilles heel of shredding is that people don’t take care of their shredders (empty them, oil them, etc.), and they break like a car with no oil, so that is part of the deal – you have to maintain them. I still have a shredder in my home office and several at work. We put all of the documents in a bin next to the shredder and shred them a couple of times per week before the trash goes out. That makes it a bit more efficient.

In other words, how paranoid should we still be about shredding documents?

Paranoid is a touch too strong. Just be smart. Think about unshredded documents as the reconnaissance tools that cyber criminals use to commit larger crimes. If I find your bank statement unshredded in the trash, I can now call you, pretend to be the bank using a caller ID spoofing app, recite the last four digits of your account and get the information I need acting as the bank to close out your account on the very next call. And from a corporate perspective, it’s even more valuable data.

So what are the basic reasons behind document shredding?

  • Prevent identity theft
  • Protect your customers and your employees
  • It’s the law (under the Data Protection Act)
  • It saves space
  • It’s “green”! Shredded paper makes recycling much easier

What documents should you shred?

  • Medical records and bills (keep for at least a year after payment in case of disputes)
  • Old tax returns: after three years of returns you are allowed to throw them away, as long as you aren’t committing fraud – otherwise you can be held liable indefinitely
  • Old photo IDs
  • Bank, investment, medical or insurance statements (or anything else that contains vital identity or account numbers)
  • Credit card offers and expired credit and debit cards
  • Canceled or voided checks
  • Pay stubs
  • Copies of sales receipts
  • Convenience checks (blank checks your credit card company sends to borrow against your credit line)
  • Junk mail that contains personally identifying information (watch for barcodes)
  • Mail related to your children or their school

Remember, shredding isn’t only for large companies.  As someone who personally was a victim of dumpster diving, trust me and take the extra four seconds to shred that piece of trash; it may save you years of time spent trying to recover from financial devastation.

About Cyber Security Keynote Speaker John Sileo

John Sileo loves his role as an “energizer” for cyber security at conferences, corporate trainings, and industry events. He specializes in making security fun so that it sticks. His clients include the Pentagon, Schwab and many organizations so small (and security conscious) that you won’t have even heard of them. John has been featured on 60 Minutes, recently cooked meatballs with Rachael Ray and got started in cyber security when he lost everything, including his $2 million software business, to cybercrime. Call if you would like to bring John to speak to your members – 303.777.3221.

Workplace Identity Theft: Shredding

The following is an excerpt from John’s latest book Privacy Means Profit. To learn more and to purchase the book, visit our website www.ThinkLikeASpy.com.

For businesses, shredding is low-hanging fruit (one of the easiest sources of data breach to eliminate). But businesses are so often focused on electronic forms of data breach that they fail to heed the following statistics highlighted in a recent Ponemon Institute study conducted for the Alliance for Secure Business Information:

  • More than 50 percent of sensitive business data is still stored on paper documents.
  • Forty-nine percent of data breaches reported in the survey were the result of paper documents.
  • Sixty percent of businesses admitted that they didn’t provide the proper tools (e.g., shredders) to safely discard documents that were no longer needed.
  • The average data breach recovery cost according to this survey was $6.3 million.

If you own a business, make sure to destroy sensitive documents prior to discarding them, to decrease your legal liability. Businesses are required to destroy all consumer information before discarding it in the trash. The Fair & Accurate Credit Transaction Act (FACTA) Disposal Rule states that “any person who maintains or otherwise possesses consumer information for a business purpose” must properly destroy the information prior to disposal. FACTA further states that every person and/or business must take “reasonable measures” to protect against unauthorized access to or use of the information in connection with its disposal…

 

Privacy Means Profit

Prevent Identity Theft and Secure You and Your Bottom Line

This book builds a bridge between good personal privacy habits (protect your wallet, online banking, trash, etc.) with the skills and motivation to protect workplace data (bulletproof your laptop, server, hiring policies, etc.).

In Privacy Means Profit, John Sileo demonstrates how to keep data theft from destroying your bottom line, both personally and professionally. In addition to sharing his gripping tale of losing $300,000 and his business to data breach, John writes about the risks posed by social media, travel theft, workplace identity theft, and how to keep it from happening to you and your business.

Paper Document Shredders: Fellowes Tears it Up!

Fellowes Powershred

Who cares about document shredders in a digital world? You should. We were supposed to have gone paperless by now, right? Rubbish. Paper rubbish, in fact.

You and I both know that we use as much paper as ever. We sign up for electronic statements and then print and file them, along with important emails, financial documents, etc. Paper documents are more plentiful than ever, and they pose a significant risk of workplace identity theft and data breach.

According to a recent study conducted by the ASBI: 80% of large organizations surveyed indicated that they had experienced one or more data breaches over the previous 12 months. 49% of those breaches involved the loss or theft of paper documents. The average breach recovery cost $7.2 Million!

What many businesses fail to realize is that paper documents pose just as much of a risk to an organization as electronic documents.

Shredding is the most concrete form of identity theft prevention and the only way to help ensure that all confidential information included on paper documents remains just that…confidential.

I also know how important it is to find a quality shredder and one with cross-cut capabilities that fits your office’s individual needs. Watch the video for more tips on proper shredding.

Not all paper shredders are created equal

I only use Fellowes Shredders. Here’s why:

  • Fellowes, Inc. is the leading shredder manufacturer, which means that it has a shredder for every situation, home or office. It is an established, reputable company that stands behind its products with research, warranties and education.
  • Fellowes shredders come with 100 percent Jam Proof technology, which means that they work when you need them most.
  • I love the SafeSense feature, which disables the shredding device if human fingers get too close. That makes it safe for my young kids.
  • They provide confetti shreds that are less than 2”, making it nearly impossible to re-construct the document.
  • They last!

Want to find out which shredder is right for your unique office environment? Use this Fellowes Shredder Selector Tool.

John Sileo became America’s leading Workplace Identity Theft Speaker & Expert after he lost his business and more than $300,000 to identity theft and data breach. His clients include the Department of Defense, Pfizer and the FDIC. Learn more about bringing John to speak at your next event by contacting him directly on 800.258.8076.