Monthly Archives: May 2016

6 Steps To Improve Your Data Security

Posted on by
Reply

privacy-data-security

Data is King. Protecting your data comes in many forms. Your confidential document shredding specialist will securely destroy any sensitive documents. Data protection is equally important as data destruction. IBM are a leading High Tech company and provide you with relevant information and software to improve your security.

IBM Security solutions for data security and privacy provide a holistic approach that helps prevent data loss while enabling data access to support business operations, growth and innovation. These solutions help you ensure regulatory compliance, defend against internal and external attacks, and can lower storage and data management costs.

IBM Security solutions for data security and privacy enable a layered approach to achieving data security that helps you:

  • Understand and classify sensitive data: Understand where data resides, how it is related and how to define security and privacy policies. What data is sensitive and what data is not must be established.
  • Assess vulnerabilities: Detect database vulnerabilities and harden repositories. Be aware of paper data is stored. Add a lock to a room or cabinet to add an extra layer of security.
  • Monitor and audit: Monitor transactions to enforce policies and capture a detailed audit trail. Any printed documents with sensitive data must be destroyed once the document life cycle is complete.
  • Prevent unauthorised database activities: Block, quarantine or mask transactions that violate policy. With paper data limit who can access sensitive data management or senior staff.
  • Protect sensitive data: Encrypt structured and unstructured sensitive data, mask or redact sensitive data in documents and forms, and encrypt data in storage.
  • Manage access: Manage privileges and authenticate users to limit data access.

IBM also provide a free software for you to assess and detect vulnerabilities. The software will detect weak passwords, any misconfiguration on your database. Read more about it here: https://www-03.ibm.com/software/products/en/security-guardium-vulnerability-assessment  

While IBM methods deal with digital data the crossovers and similarities can be applied to your paper data. Paper shredding services will also offer digital data protection and knowledge. Knowing these risks and implementing the steps to prevent a data breach will benefit your business or organisation in the long run.

Technology terminology can be confusing to understand but implementing security measures for digital devices is pretty straight forward. For more information on a data protection and security please contact us or visit our site for more information.

Data Protection With Workplace Technologies

Posted on by
Reply

Digital Data & Paper data equally important to protect

Your confidential document destruction service is more than just paper data destruction. Digital data also has a secure data destruction method. The devices used to view this data must be properly protected to ensure your data is protected.

Mobile technology increases workplace productivity. Smart phones, laptops, i-pads and other devices allow employees to work regardless of location. As good as these mobile devices are they also increase the risk of a potential data breach too.

So how does an organisation maintain the increase in productivity whilst protecting its confidential information?

Embrace it; The use of mobile devices assists the employees in their efficiency and productivity.

Latest Technologies; By keeping your technologies up-to-date you are ensuring that productivity is not being hindered by the use of out-dated technologies.

CYOD Policy. For improved security control, a Choose Your Own Device (CYOD) policy is recommended. This allows employees to choose devices from a list of approved choices, and companies could equip devices with the appropriate security.

Control of the apps. While apps can improve both the efficiency and speed of specific work tasks; Security in Shredding encourages organizations to provide employees with practical and approved enterprise-grade mobile apps for work.

Digitize. In todays world there is a growing number of organisations whom are digitizing information and processes to reduce costs. But all sensitive data still has to be properly disposed of when it is no longer required. Security in Shredding strongly recommend organisations to out-source the destruction of data when it reaches end of life. A certified data destruction service provider will securely destroy sensitive material when it reaches its end of life. Proper certified destruction guarantees that data cannot be recovered.

Cloud computing. While cloud benefits include cost savings, elasticity, and storage on demand, it still poses a great concern. There are a number of tools available to protect data in the cloud such as encryption and cryptographic tools. Click here to read more: https://ow.ly/hiVq30085uP

Train your employees. All the technologies in the world could be at ones finger tips but the users, in this case the employees need to be taught the best practises. All policies should also apply and be treated of equal importance in the office and outside of the office.

If you require any further information regarding any of the points above, you can get in contact with our Data Management Consultants either through the contact us page or simply phoning us on +35367 24848.

Data Protection Laws Set For An Update (2018)

Posted on by
Reply

Security in Shredding Data Protection Law

The General Data Protection Regulation has now being published in the official journal:  EU Official Journal. The journal was released on the 4th of May 2016.

This will result in the GDPR entering into force on the 24th of May 2016. Provisions will be directly applicable form the 25th May 2018. Organisations will have two years to prepare to the changes. Training courses on how to prepare for the changes are available in various cites throughout 2016 and 2017.

Data Protection Ireland Journal will keep you up to date with articles and journal entries regarding the new changes.

This change will effect Irish people and a course will take place in Dublin.

  1.  Friday, 16 September 2016

  2. Wednesday, 05 April 2017

The course will start at 10:00 to 16:00 (including lunch).

The course will cost €545 plus VAT

This course provides delegates with a detailed insight in to the main provisions of the Regulation, as well as practical guidance on what organisations should start doing to ensure that they are prepared for the new changes. The content includes:

  • The scope of the Regulation, including extra-territorial applicability
  • Key definitions
  • The role of the lead authority
  • The principles relating to personal data processing, including a detailed analysis of ‘consent’ and ‘legitimate business interests’
  • New obligations on data processors
  • Data breach notification
  • New obligations for Data Protection Officers
  • Data subjects’ rights
  • Data protection by design and default
  • Codes of Conduct and Certification
  • International data transfers
  • Consequences of non-compliance

Anyone attending the event should have a basic knowledge current data protection legal requirement. For anyone who does not have any knowledge of data protection laws can get up to date with data protection essential knowledge level 1 and then data protection essential knowledge level 2.

The course is recommended to be taken by compliance officers, HR managers, Office managers, Company secretaries, IT managers, Business analysts, Records Managers, legal advisers, Database managers and others.

Compliance & Your Data Processor

At Security In Shredding confidential document shredding and all other services provided are done in compliance with the law. Data Security and Data protection are paramount objectives for us to achieve. We keep up to date with these laws to ensure that we are operating correctly when processing Secure Documents.

If your business or organisation requires a Secure Document Shredding specialist please contact one of our team members for more information.

This change not only effects us but everyone within the EU, please like and share this article or join in on the conversation on our twitter feed

Organising Paper, Sensitive Data & Clear Out Shredding

Posted on by
Reply

clear out paper shredding

Secure Document Shredding specialists are recommended for large quantity clear out shredding. That being said it, happens to the best of us, we get a document and say “I’ll deal with it later” and set the document aside. We go back to our work and another document will be given to us or another one is added or set aside. It doesn’t take long before a pile starts to build and the less likely that pile gets dealt with. When we decide to deal with it, the pile has become a more daunting task to clear

If the pile is not organised there is a danger of confidential or secure documents being lost in the pile and data breaches can occur if gotten into the wrong hands.

Ideally setting up an organisation plan before the clutter starts to build makes it easier to implement this process. Clutter for one is an eye sore. Its messy, not organised and can cause stress to you and your office

The dread comes from knowing you need to deal with it, but not necessarily knowing exactly how to deal with the quantity and feeling overwhelmed by what feels like an enormous task.

A single piece of paper is easy to deal with but this post is more to deal with when a pile has accumulated into clutter stack.

Knowing and separating your confidential documents is a starting point. View our What to Shred list and see what documents can contain sensitive data.

Daily & Weekly Paperwork Routine Is Essential To Long-Term Paper Organisation & Reducing Risk Of Data Breach

Actions such as: (1) bin it right away; (2) delegate it to someone else; (3) file it for future reference (meaning no action is currently needed with this paper); or (4) keep it to take some type of action on.

Examples of papers that come into your office that require you to take action include invoices, tax forms, bank statements etc.

This type of confidential paper is often left aside to be worked or filled in at a later stage, creating a “to do pile.” The longer this pile is left to accumulate the bigger the pile becomes creating more stress and clutter. While also being a security risk as a data breach could occur if these documents came into the wrong hands.

Adopting a “Clean Desk Policy” is a good step to deal with clutter and prevent piles from building. Working on documents on a daily basis is a good first step. Do a little everyday will be a lot in the long run. The daily routine will become a weekly routine.

When you combine the daily and weekly routines together the total system for paper organisation will be complete.

What To Do In The Weekly Paperwork Session

The weekly paperwork session is not complicated. First, choose a day that suits your schedule. Doesn’t matter what time or day you choose as long as you do it consistently.

Once you’ve decided on the day, all you do is grab the stack of paperwork that has accumulated over the course of the week on the day you’ve chosen, and now you sit down and tackle it, one piece of paper at a time.

Do the paper work in batches. Deal with enough confidential documents that reduces the pile. It is still business as usual when dealing with the pile, paper is still going to be added but again as long as the pile is getting smaller than bigger is what we desire.

You should consider doing the following tasks during your weekly paperwork session:

  • Pay bills
  • Make phone calls that are necessary about bills, or other information that comes in during the week
  • Reconcile your bank account, confirming what checks cleared during the past week and that all deposits are credited to the account, etc.
  • Make any necessary money transfers between bank accounts.
  • Confirm everything appears to be working normally as it relates to automatic withdrawals and automatic bill pay for your accounts.
  • De clutter, organize and file that week’s receipts.
  • File paid bills and other filing that has accumulated during the week.
  • Deal with any other documents confidential or otherwise.
  • Adding dates to your calendar, both from papers or emails you’ve received.

These tasks deal with paper data but digital data is equally as important to deal with. Responding to emails and other on line services should also be part of your document organisation schedule.

It doesn’t matter how big a pile has accumulated, a paperwork session is about good habit forming done regularly each week.

Once paper organisation habit has formed, it creates a better management of document life cycle and spot potential data breaches and mistakes in the documents.

Off Site Shredding Service Can Handle Large Quantities

Clutter can be dealt with on you desk and around you. There is also an option of availing of a Clear out Shredding ServiceOld or archived documents that no longer serve a purpose that may be in a clutter pile can easily be dealt with by our services.

Security In Shredding offers both On Site Document Shredding and Off Site Document Shredding Ireland. We can handle large quantities of paper and shred them securely. If you want that pile removed quickly and remove the data breach risk immediately,

please contact our team today and visit our site. We operate our Confidential Shredding in Dublin, Galway, Limerick and Cork areas and the rest of Ireland.

7 Questions Dealing With Sensitive/Personal Data

Posted on by
Reply

privacy-data-security

We live in a digital information age and how this information in gathered and viewed is through mobile or electronic devices. On site document shredding services will handle your paper data and also digital media to be destroyed securely.

Cyber liability, cyber security and information governance are terms that managers and directors are aware of due to high-profile data security breaches in recent events (“Panama papers”). Mason Hayes & Curran covers the critical questions these companies need to be asking.

In an increasingly interconnected world, with the expansion of the internet and development of the internet of things (IoT), there has been a corresponding increase in the vulnerability of information systems to attack.

The Cyber Security for Directors app with the Institute of Directors in Ireland has released an app to help heads of companies to understand their responsibilities regarding digital data security.

The app details the various types of cyber liability and cyber risks, while drawing together the key areas for directors to consider. It also outlines both proactive and reactive strategies to manage cyber security. The app is available on Android and iOS.

Technology has rapidly changed over the past 20 years and continues to grow. People’s reliance on digital devices both for storage and transmission of data, is making data breaches all the more damaging to organisations. How a mobile device operates both the front end (you) and back end(server) is not that transparent unless you have a good understanding of data transfers.

Knowing how this works is not essential but can make it easer to understand where the pitfalls lie within a device will benefit data security.

Where there is liability, there is a corresponding responsibility for that liability. As the duties of directors come increasingly under the microscope, it is clearly in the interests of directors to ensure that they understand their responsibilities in this area.

Below, we have outlined the key questions that directors should ask in relation to the collection and processing of data

1. Are we being transparent?

Data must be obtained fairly and the company must be transparent about the reason the data is being collected and the purpose for which the data will be used. Data must not then be put to a further incompatible use.

2. Do we have consent?

Consent is usually, but not always, required. If the information is non-sensitive, there can be implied consent. If the information gathered is sensitive (such as relating to an individual’s health, race, sex life, religious beliefs or trade union membership) then there must be explicit consent.

3. How long are we retaining data for?

Personal data can only be stored for as long as is necessary. There should be no retention of data ‘just in case’.

4. Are we collecting unnecessary data?

Data should only be collected if necessary. There are PR risks to any company if data is collected and stored unnecessarily.

5. Are we keeping the data secure?

You must have appropriate security measures to protect any data you are storing. Take into consideration the state of the technology you are using, the cost of implementation and the nature of the data and potential harm if a breach occurs.

6. Are we giving the data to third parties?

Are the third parties controllers or processors? In other words, on whose behalf will they use the data? If they are controllers, you will likely need consent for collection. If they are processors, special written contract terms are required.

7. Is the data leaving Europe?

If collected data remains within the European Economic Area (EEA), transfer issues do not arise. If the data is to be transferred outside the EEA then safeguards are required unless it is an approved country, eg Canada.

Check out www.mhc.ie for more information on Tech law.

Industrial paper shredding and media destruction are performed securely and confidentially by our team at Security In Shredding. For more information on our shredding or destruction services please contact us.

 

5 Data Security Tips To Protect A Company’s Sensitive Data

Posted on by
Reply

Secure Paper Shredding Hard Drive Shredding WEEE Destruction

For many small business owners, are aware of the potential data breaches that can occur. Secure document shredding is one method of data security but most people will think “It wont happen to me” and when it does happen it can cost the business upwards of €100,000 fine if data security was inadequate. For a small business, one data breach can destroy their reputation and customer confidence.

Below are 5 tips to implement data protection solutions that all small businesses can do today to protect their customers, their reputation and their people against data breaches:

  1. Implement a Clear-out Shredding Policy

Clear-out Shredding policies ensure all paper documents are shredded before being recycled or disposed. The Clear-out Shredding Policy removes any uncertainty around whether documents are confidential and require shedding. This simple step is one of the easiest ways to avoid human error including mishandling of confidential documents and files. In addition, all shredded paper is recycled, adding an environmental benefit to a security solution for businesses. Overall, it leaves little to be decided around the type of information that should not be deposited in recycling bins and waste paper baskets.

  1. Encrypt all electronic devices

Mobile devices are everywhere. There are more mobile devices than people in circulation. A workplace mobile will be used so employees can access the information they need remotely, which means company information may be exposed to greater security vulnerabilities. Encrypting all electronic devices is an important first step in securing information.

All electronic devices used by employees should be encrypted to protect sensitive data regardless for their own benefit and not just the company or organisation. In the event that electronic devices are lost or stolen, encryption will protect the information stored on the device and mitigate any compromising activity.

End to end encryption” is a term you should look out for especially when transferring data. Software applications can do the same function a number of different ways. Knowing how they operate is recommended.

  1. Maintain Clean-desk policy

A clean-desk policy encourages employees to clear their desk and secure documents in a filing cabinet or storage unit when they are away from their desk or office at the end of the day. This includes documents, files, notes, invoices, and removable digital media like memory sticks. Unattended and untidy work stations pose a greater risk as loose information is an easy target for theft. A clean-desk policy ensures that all confidential data is locked in a secure area.

  1. Protect Printers & Peripheral Devices

Implement a ‘best practices’ standard for printing confidential information. Encourage employees and staff to not leave documents unattended at a shared printing station. To strengthen security around printing stations, consider using passwords for printing jobs. A printer is connected to a network and can be an entry point for hackers to access a network. Any other peripheral device that’s connected to a network may need an added layer of security just in case.

  1. Designate a Security Manager

If your business or organisation does not have one, now is the time to assign someone to do it. While it is important to have senior management and leadership play a vital role in mitigating data breaches, engaging employees from all levels and cross-departments helps strengthen an organization’s focus and commitment on information security.

At Security In Shredding maintaining data security is a vital importance to us. We must comply with data protection laws. For more information on paper shredding and data destruction services, please get in touch with one of our staff for more information.

BYOD (Bring Your Own Device) to Work

Posted on by
Reply

BYOD policy

Is there a BYOD Policy in your Organisation?

Industrial paper shredding services that destroy confidential documents is a common practice for businesses and organisations. Data can be read on paper but also on electronic devices. We live in a world where there are more mobile devices than people in circulation and protecting this format of data must become common practice.

How well do you manage your policy? BYOD might be convenient for the employees but it brings additional risk of data breaches to the workplace.

BYOD refers to employees using their own smartphones, tablets, PCs, and other mobile devices, for work.

“The issue with BYOD is that it multiplies the number of networks, applications, and end points that company data may be accessed through.” If employees access their work emails via their smart phone the organisation still has a high risk of a data breach.

Therefore it is recommended that all size organisations become increasingly more pro-active regarding the use of BYOD to access work data.

Security in Shredding suggests the following guidelines to reduce the risk of data breaches:

  • Form a BYOD committee.
  • Create BYOD policies, such as limiting the amount of client information in emails, mandating a start-up password and inactivity time-out, and having data encryption.
  • Work with IT professionals to put security policies in place.
  • Work with HR professionals to educate employees about these policies.  “

There are more policies that can be incorporated that may better suit a companies needs for data security. As a result of putting these measures in place you are protecting the organisations sensitive data and you business.

Consulting with one of our data security experts at Security In Shredding. Data security is vital for our company to succeed and educating staff and clients on data security is paramount. Shredding confidential paper is just a part of our business, enquire about our media destruction service with one of our staff.

Summer Holidays? Tips to Maintain Data Security When You Work

Posted on by
Reply

data security when on holiday

Who doesn’t enjoy a holiday or time off. Scheduling a paper shredding service before the holiday or time off is recommended. This will help give a piece of mind that you are protecting your data and let you enjoy your holiday.

In today’s world employees pack their work tablets and have their smartphones with them when going on vacation/ holiday.

There are a number of employees who don’t like to fall behind in their work and like to stay connected wherever they travel to. This is possible due to the ever improving technology of wireless internet, smartphones, laptops, and tablets. These technologies have made it increasingly easier to work from home and from the side of the pool!!

But organisations may forget the importance of data security regarding these mobile devices. Many organisations have policies in place where by employees BYOD (bring your own device) and this permits the employee to use one single device for both work and personal purposes.

The upside is while employees remain productive outside of the office 24/7, the downside is that they can access corporate data from anywhere. The negative impact this will have is it increases the risk of data breach incidents and has created a whole new area of information security policies.

Security in Shredding have a few tips to ensure the confidential business information employee’s work on outside of the office remains secure;

  • Implement a Bring Your Own Device Policy and by doing so you are creating a culture in your organisation.
  • Implement a schedule regarding the organisations protection software whereby on set dates throughout the year the software is updated.
  • “Provide employee training and regular refresher training regarding information security best practises outside the office.”
  • Prior to leaving the office for a vacation, ensure to only take documents that are extremely necessary regardless of a hard copy of digital copy.
  • Only under extreme circumstances should you print confidential documents from electronic means outside the office.
  • If one must print off a hard copy, ensure that all documents are securely destroyed. At mentioned earlier scheduling a paper shredding or bag collection may be needed.

You can speak with a member of Security in Shredding’s Data Management Consultants for further information. Our mobile paper shredding service is available for scheduling.

 

8 Benefits For Responsible Document Shredding

Posted on by
Reply

confidential shredding, clean desk policy

At Security In Shredding our mobile paper shredding units are available and comply with data protection laws. Outsourcing an industrial shredding service will ensure your data security is maintained and securely destroyed.

Businesses, organisations and Institutions and people alike have fallen victim to identity theft and scams because of loss of information that a person used off of a stolen document. A person or employee must follow a correct procedure in the way they destroy paperwork with any kind of information on it (sensitive or not) in order to protect their customers. The list below are eight benefits that happen when a company performs document shredding.

8 Benefits of Responsible Document Shredding

  1. Document shredding gives company owners and customers a peace knowing that their information has been destroyed the right way.
  1. Shredding responsibly gives people the option of having the process taken care of by a third party. In some cases there is no need to buy expensive paper shredders if there is a company that can come to your job site and take care of the process for you. Most office shredders do not provide a secure data destruction.
  1. Shredding and then recycling paperwork keeps the landfills from filling up sooner than it should. Paper is one of the most used materials in circulation. Just about every house and company throws out paper on a daily basis. By shredding paper landfills will be around for trash that cannot be recycled for a longer period of time.
  1. In some cases shredding of personal information keeps a company compliant with Data Protection Laws in Ireland. The Data Protection Commissioner provides useful information about how to destroy or handle personal information.
  1. It gives customers and business owners an unspoken bond of trust knowing that they are looking at for the well fare of each other.
  1. From an environmental standpoint document shredding protects trees from being used for new paper products.
  1. Document shredding also provides a safe and clean way of waste disposal. A clean desk policy can help reduce having a bunch of loose papers sitting around the office taking up space.
  1. The process gives you the joy of knowing that you are doing your part to protect the environment and the personal lives of your customers. Companies that go out of the way to protect their customers will find loyalty and more sales because they are a trusted established business.

Security and Compliance are important words for us at Security In Shredding. Document shredding services are available both on site and off site. For more information please visit our site.

What To Keep & What To Shred: Document Retention Policy

Posted on by
Reply

Data Retention & data destruction

At Security In Shredding, document shredding is done with confidentiality and security is paramount when carrying out data destruction service. Data breaches occur when people are negligent or not aware of a breach. The most recent high profile story being the “Panama Papers” leak.

The Panama Papers is the latest mega data breach where millions of confidential documents from a Panamanian law firm were leaked, exposing offshore bank accounts – and possibly tax havens – for wealthy clients.

In light of this recent breach “I think we need to change the fundamental design of the way each and every document is created and managed,” –  commented Bill Anderson of cyber security company OptioLabs, in a cnet.com story about the Panama Papers.

While there are many aspects to data security, a sound document retention policy is one of the most important. Knowing what confidential documents to keep and which ones to permanently destroy should be of concern to everyone. Maintaining a clean desk policy will also help minimise the risk of confidential documents getting lost with other data.

This high profile case may sound like it won’t happen to you but the chances are that the data breach occurred by improper use or destruction of a data. All it takes is one wrong move for all your data to be accessed.

Below are some document retention policy guidelines to help keep your information secure.

  • Information Audits: Use audits to identify the types of documents the business produces, and to create an inventory and keep it updated.
  • How Long To Keep Tax Records? There are two parts to data retention: how long documents will be useful to the business, and how long they must be retained based on government and industry requirements. Checking with Revenue.ie on how long to retain your tax returns.
  • Fines – either way: While it’s law to keep certain documents, if you retain a record for too long you might also expose yourself to litigation risks and fines. Like most privacy laws, Data Protection Act compliance stipulates the record must be securely disposed of when the official retention period is over.
  • Emails: Records are paper files, digital documents, and correspondence including emails. According to wired.com, the Panama Papers leak included more than 4.8 million emails (as well as 3 million database files and 2.1 million PDF’s). If emails aren’t part of an important business or legal use or not subject to regulatory compliance, delete them within the appropriate time frame.
  • Controlled Access: Index all documents for easy retrieval. Store in a secure, locked location and/or in a password protected file. Control who can access sensitive documents and logging when this information has being accessed. Storing unwanted documents increases the risk of a Data Breach and adds to clutter.
  • Secure disposal: The only acceptable way to discard paper or digital documents when they are no longer needed is to completely destroy them. Industrial Shredding companies can dispose large quantity of documents, and outsourcing eliminates risk. Partner with a reputable shredding company that has secure chain of custody processes for information destruction. A Certificate of Destruction will document compliance and should be issued after every shred.

At Security In Shredding data security is equally important as confidential data destruction. An on site service or off site service is available throughout Ireland. Please visit our site for more information.