Tag Archives: ISO 27018

Common Mistakes Businesses Do When Maintaining Security Of Sensitive Data

Posted on by
Reply

Answer;              

Not properly classifying the sensitive information, managing it accordingly and in turn protecting it against current threats.

 

Secure Paper Shredding Hard Drive Shredding WEEE Destruction

 

As you read this from your mobile, tablet and or computer you are viewing data digitally. Paper shredding in Ireland and industrial paper shredding services offer data protection services for said devices. Knowing technology pitfalls is a massive part to data protection while also knowing how and when to share your digital information must also be considered.

There are three critical points to the proper protection of sensitive data.

  1. Data Classification

In line with European Standards; Companies must understand what data needs to be protected and create a Data Classification Policy. This policy in turn will classify data based on sensitivity. At a minimum three levels of data classification are needed.

    • Restricted: This information requires very high protection, Unauthorised dissemination would have serious terminal consequences for the company and infringe trade confidentiality obligations, contracts or laws. It is essential that the confidentiality of personal data is maintained. Otherwise there is a risk to the health and safety or personal freedom of the affected persons.

All data that reaches its end of life should be destroyed to a minimum of Shred No.6 of EN 15713 to ensure destruction beyond reconstruction.

    • Confidential or Private: This is moderately sensitive data that would cause a moderate risk to the company and could infringe legal obligations or laws if compromised. Access is internal to the company or department that owns the data. There would otherwise be a considerable risk to the social standing and financial situation of the affected persons.

All data that reaches its end of life should be destroyed to a minimum of Shred No.4 of EN 15713.

    • Public: This is non-sensitive data that would cause little or no risk to the company if accessed. Access is loosely, or not, controlled.

All data that reaches its end of life should be destroyed to a minimum of Shred No.3 of EN 15713.

 

  1. Encryption – All Organisations should have an encryption strategy in place to ensure all staff are aware and capable of utilising it correctly. The essential element to a good encryption strategy is to use strong encryption and detailed key management.

 

  1. Cloud Misuse – Essentially cloud storage translates to storing your data on someone else’s computer. When it is uploaded, the control over it is no longer only yours. Encryption should always be implemented prior to uploading to the Cloud. It is always advisable to read through the cloud providers policies with regard to handling data.

 

The most important thing for business is to be aware of the technology pitfalls. Secure document destruction in Ireland and its data protection laws are different to other countries. While the laws may be different country to country, the method of data breaches are usually the same. The more you know the better you can protect yourself and business from data breaches.

For more information on a secure document shredding service in the Dublin, Cork, Limerick or Galway area please visit: www.securityinshredding.com

Feel free to join in on the conversation @securityinshred

Onsite & Off Site Paper Destruction Service

Posted on by
Reply

Security In Shredding on site service, Onsite shredding service

At Security In Shredding we provide excellent and secure service in both onsite shredding and onsite collection with off site shredding. Providing paper shredding in Ireland with a high quality service.

Din 66399 Standard

We operate under this standard. The Din requirement is in place and provide 3 separate shredding levels for your data destruction. The level of protection will depend on the how fine the paper is shredded.

  • Din level 1
  • Din level 2
  • Din level 3

The type of documents used will depend on the level of security you should implement. Documents containing a low threat and low impact would require Din level 1. Sensitive data restricted to a small group of people would require Din level 2 as if these documents were leaked would cause harm to a business. Din level 3 should be used for highly confidential data only accessed by authorised people.

On Site Mobile Shredding

This service is beneficial if you require your documents to be securely shredded on business premises. Our specially designed vehicles will securely destroy your documents. The entire process is done securely and is environmentally friendly where all waste is sent to a licensed waste company. More information can be viewed here:

https://www.securityinshredding.com/onsite-document-shredding.php

Off Site Document Shredding

Our off site service is also done to a high standard of security. We operate on a scheduled basis and our staff will collect the bags from a secure area within the business premises. The bags are collected by uniformed staff on a set time and will inform you if they are on route. The bags are placed into a locked secure van and taken to our site where it is shredded. Full details of the process can be viewed here:

https://www.securityinshredding.com/off-site-document-shredding.php

IT & Media Destruction

Data is not just paper data. It comes in many forms and digital data and the devices used also need to be destroyed in a secure manner. Digital has has become more and more popular and data protection of these devices needs to be implemented.

https://www.securityinshredding.com/it-media-destruction.php

Our aim is to provide you with a high quality and highly secure service, with minimal impact on your day to day business activity while maintaining your data security. For more information please visit our site or contact us for a consultation:

https://www.securityinshredding.com/

Shredding Documents Before Recycling Them

Posted on by
Reply

Data Protection, Paper Shredding, limeirck paper shredding

Paper data still plays a major part of industrial paper shredding. It is important that you are Shredding confidential paper before it is put into recycling. This is to ensure that your data is protected and cannot be viewed by public eye.

Paper like any other recycling is often left in the blue bin outside your home or business for it to be collected. This is a common practice and nothing wrong with it. If your recycling contains documents of a personal nature and or sensitive data nor for public knowledge, how it is disposed needs to be taken into consideration.

It is quite easy to access anything contained in these bins and within an urban area someone in a “white van” and a high vis jacket could pull up and throw these bags into the van. What they do with these documents may be unclear but can be malicious intent. Having the documents shredded before it is recycled will increase your data security.

Shredding Documents

A good practice for your business to incorporate is to shred your document before you put them into recycling bin. Also to be aware that a simple office shredder does NOT provide adequate data destruction. This data can be reconstructed. An industrial paper shredding service provides you with secure paper shredding. Incorporating a service to handle and destroy your documents should be used.

Scheduled Onsite Collection

A reputable shredding service will provide you with a collection service to handle and securely destroy documents you have. Ringing your shredding service provider and organising a collection at a time specified by you will ensure that you know when your documents are to be transferred.

A shredding service can provide you with sealed bags for collection and shred them in off site paper destruction location. A shredding service can also provide onsite shredding service with their specially designed trucks to handle and destroy these documents.

Data Protection

Under the EU directive the data protection act and the data protection commissioner are governing bodies in place to ensure that businesses handle data correctly and ensure sensitive data is used in a correct manner.

For more information on a reputable shredding service in Ireland please visit:

https://www.securityinshredding.com/

Protecting Personal and Work Devices

Posted on by
Reply

secure data

All electronic devices can potentially suffer from Data Breaches if not protected correctly. The breach can be in violation of Data Protection laws if the Data Protection Commissioner is not informed. Secure document destruction is an important part of business and organisation incorporate.

A recent event involving a personal computer used in a federal building that contained details of child support accounts, and social security details and other hard drives that may have contained user details.

A US watchdog wrote an open letter to the federal government asking why staff member was able to use a personal device to access these details, given that it violates the security policy. The letter continues and mentions other Data Breaches in government buildings and the lack of Data Protection.

Situations like this increasingly more common and not just government buildings. Bank account details have being breached. Online accounts to various sites have being breached and this happens on a global scale. You will hear that the breach occurred because someone left a device behind them. Be it the seat of a train home from work, a USB key dropped in a cafe.

The human error of forgetting something is not the problem (we all forget things from time to time), but the issue is the data contained on these devices and the lack of protection in place especially devices with sensitive data.

Company Policy

It is worth knowing your company polices on weather or not personal devices are allowed to conduct business actions. Also if using company devices weather or not you can use personal applications on them. It is important to know this. We live in a time of technology and information being widely available and with the increased usage there is also the potential of breaches.

How these breaches occur will can vary but there are common factors and technology is written with a universal language.

  • Ask your IT specialist on what to look out for when using the device
  • Research good practices online
  • Enalble location of device if appliable in case it is misplaced.
  • Encrypt devices where possible including mobile devices and USB keys
  • Be aware of what information is stored on a device (paper or electronic) and the potential breach that could occur if misplaced.

A confidential shredding service will also improve your Data Security and provide you with methods for protecting your device. Please visit our site for more information:

https://www.securityinshredding.com/

American college (TCC) affected by data breach

Posted on by
Reply

Security in Shredding Data protection & destruction

Onsite paper destruction and or offsite paper destruction are services provided with shredding companies in Ireland. “Shredding Paper Ireland” will provide you with a decent result when researching for an industrial paper shredding service.

In a recent story involving an American college in Virginia were subject to a data breach involving staff and their names and social security details. 15 of the college employees who had submitted their tax returns to the IRS (American version of Revenue Office) were later told that their tax had already being done using their social security number.

Approximately 3192 employees in the Virginia college system may have being effected by the breach. It appears the details of the leaked data containing the names and social security numbers may have being sent to a fake account from the college.

While this happened in America the method as to how it happened remains the same. A false account was created to look like an official college page. The page will have asked the user to enter in or provide specific data. These scams will prey on human error or uneducated person to transfer this data.

How to protect yourself from these attacks

If you feel your business has being subject to one of these attacks here are a number of things to look out for. If you use a regular paid service whatever the format, these services will have your name on record and will be able to display it on emails and documents.

  • “Dear Customer” can be an indication of something off. A reputable service will easily be able to display your name here instead of customer.
  • Asking you to click a link from the email itself rather than going through the official website of the service provider to pay for services.
  • Do not click on links you are uncertain of going through the service provider site itself is a good practice.
  • Asking for specific details is also a sign of malicious intent. Reputable sites do not ask for this information as information such as passwords are NOT known by the service provider as these are encrypted and only known by you.

What To Do If Breach Occurs

  • Alert the service provider that a breach has occurred
  • Alert relevant authorities such as banks, revenue office so they know to monitor irregular transactions.
  • Inform employees to change passwords to the relevant accounts
  • Inform customers that may have had their data accessed
  • Sooner the better you alert the authorities the quicker and less damaging the data breach will be

The full article involving the TTC can be read here:

https://www.13newsnow.com/news/local/mycity/virginia-beach/tcc-100-employees-affected-by-data-breach/110309810

For more information on data security please
 visit:

https://www.securityinshredding.com/shredding-benefits.php

The Future Of Data Security

Posted on by
Reply

Secure Paper Shredding Hard Drive Shredding WEEE Destruction

Document shredding service are a vital part of Data Protection. Shredding services in Ireland when a clear out shredding is needed. Offsite shredding services can be incorporated into everyday business to comply with Data Protection laws and improving Data Security.

Siliconrepublic an Irish based article site recently posted an interesting article regarding the future of Data security. Data Security is now more than ever vital for businesses to succeed. Technology has continuously improved and grown over the past number of years. The devices used has greatly helped smaller businesses compete with larger companies. With all this growth in technology aspects of the technology have being lost or information about it has become confusing and conflicting.

Data Security with technology will always be a continuous process. Between encryption, mobile devices and cyber warfare means that there will be no end to this process. Security experts can only protect against known breaches. Hackers have a small window of opportunity to work with.

Data Security Small Business

What does this mean for your business. For one, hiring a confidential shredding service that is also reputable and recognised by governing bodies. A shredding service must comply with Data Protection laws. A shredding service implemented within your business will ensure that you are protecting your data and improving data security.

Data Security is more than just electronic devices and digital data. Paper also contains data. Sensitive data in particular must be accessed and handled correctly. Who has access to this data and how this data is destroyed when no longer in use. A shredding service will handle these documents and devices and destroy them in a confidential and secure manor. ISO 9001:2008 is a good mark to look out for before hiring a shredding service for your business.

This type of data is what hackers and criminals try to achieve and will prey on human error to obtain this data. Dumpster diving will occur and if your documents are not shredded or only used a simple office shredder will not securely destroy data. Digital data can be accessed easily if the data is not encrypted or has not being wiped correctly. USB keys should be kept securely in your possession if they contain data. When shredding ask for the DIN level of shredding required to ensure secure data destruction.

Awareness to these methods is paramount to the success of your business and Data Security. If a data breach occurs then your business can be liable and receive a hefy penalty.

Read the full article here:

https://www.siliconrepublic.com/enterprise/2016/03/24/cybersecurity-future-of-security-hackers

Details for a confdential shredding service please visit:

https://www.securityinshredding.com/

Data Protection Ireland Today

Posted on by
Reply

Data proccesser and data commissioner

Secure document destruction in Ireland can come in the form of an onsite paper shredding service or an off site paper shredding service. Data comes in many forms and The Data protection Act is in place to ensure that this data is protected.

Data Protection is a vital for a business to succeed and remain in business. If customers or users know that your service does not protect your data. It will be a massive loss to business and business reputation. Your business can suffer from a severe penalty for not protecting your data.

An interesting article written by Colm Gorey titled “3 issues defining data protection in Ireland today  The issues discussed are relevant to today’s business. The 3 topics discussed were:

  1. ISO 27018: Cloud computing privacy standard – one year on

  2. Personal data and your right to access it — Ireland vs the UK

  3. Challenges to data protection under the internet of things

The first point talks about the governing of personal data through cloud based systems. Standards have being created to ensure the protection of data and were received well by Data Security experts. The ISO 27018 standard can be read here. Cloud computing has become a major asset to business functionality and knowing what cloud based systems are doing with your data should be investigated and researched when changes if any occur.

The second point refers to Irish and English law. Although both countries have similarities the law for each country does vary and in particular with personal data and access to it. Your business must abide by the rules in place of the country it is based in. A good example of how country laws differ can be read at this link.

Awards of Damages for Data Protection Breaches – UK and Irish Approaches Contrasted

Thirdly the internet of things (IOT) refers to the general use of internet and internet services. Governments and official bodies are trying to develop ideas or frameworks that will regulate the internet of things. What has happened is the EU 28 data protection bodies.

for more information on data protection and a confidential shredding service please visit: https://www.securityinshredding.com/