Shred-it Dispels Five Commonly Held Information Security Myths
LONDON, October 4, 2016 /PRNewswire/ --
UK businesses need to separate data security fact from fiction as 2017 planning gets
underway, the UK's leading information security company Shred-it said today.
Planning for the new business year often means handling a lot of confidential
information. Â But if companies don't know information security fact from fiction, their
private data is at risk.
Understanding and prioritising information security is critical to business success,
as data breaches significantly damage reputation and the bottom line. Why risk it? To help
put information security at the forefront of 2017 planning, Shred-it is busting five
commonly-held myths and giving businesses the facts they need to keep confidential data
secure.
MYTH 1
Confidential information can be thrown into a wastepaper or recycling bin as long as
it's torn into little piecesÂ
If you think tearing up confidential documents before disposing of them removes the
risk of a security threat, then think again.
The reality is that it is much easier to reconstruct torn up documents than you may
think - even documents that have been through a workplace strip-cut shredder. Anything
confidential from employee payslips to invoices, from emails to meeting agendas are in
danger of being targeted by fraudsters.
Put a 'Shred-it All' Policy in place - a company-wide instruction that all paper
documents should be securely cross-cut shredded when they are no longer needed.
This policy reduces the likelihood of employees making a mistake, as any choice or
uncertainty around what needs to be destroyed is removed. You can rest easy in the
knowledge that any risk of 'destroyed documents' being craftily reassembled is gone!
MYTH 2
Keeping documents on my desk at work is safe.Â
We've all been guilty of allowing our desk or work area to become cluttered and
chaotic. We get it - you're super busy, sorting your way through countless documents on a
daily basis.
Workspaces are a hotbed for  sensitive information, from weighty business documents to
'harmless' sticky notes containing names, phone numbers, or passwords (information that
could easily go astray if left sitting on a desk).
Adopting a Clean Desk Policy which requires staff to lock away all information
(documents, letters, binders, books, etc.) when leaving their workstation is a must for
any business (large and small) that wants to take data security seriously. Â
MYTH 3
My colleagues know what information is confidential and what isn't.Â
If you're not 100% clued up on what exactly should be treated as 'confidential' then
the chances are your colleagues won't be either! Many businesses are even of the belief
that customary day to day documents such as email memos and sticky notes provide no threat
to their organisation. This lack of awareness is putting your business at risk! In fact,
95% of all security incidents involve human error[1] - showing how easy it is to make a
mistake when you don't know your facts.
The solution? Better training. Some 56 percent of C-Suite executives say that their
staff are trained only once a year or less, while 14 percent say they train their staff
only on an ad-hoc basis or not at all[2]. Businesses need to ensure that training
programmes are carried out on a much more frequent basis (monthly rather than yearly).
Firms also need to make sure that any training is truly tailored to what the business
stands for and what their employees really need! Put simply, a generalised yearly training
session just doesn't cut it anymore!
MYTH 4
Using your own smart phone or another device at work is fine as long as it's password
protected.Â
Employees being allowed to use their own devices - known as BYOD (bring your own
device) - can bring lots of advantages, allowing employees to work 'anywhere at any time'
and often boosting productivity.
But BYOD can greatly increase the risk of a data security breach as the security on
personal devices is not always adequate. Even if they are password protected, all devices
should be encrypted to protect the confidential information stored on them.
If you allow your employees to bring their own devices, then make sure that you have
dedicated security programmes in place to protect the pathway from the personal device to
your corporate systems. What about a 'Choose Your Own Device' strategy? - purchasing
devices for your employees who can use them both on and off the job. This brings together
the best of both worlds - the same flexible benefits for employees, while safeguarding a
company's data from external and internal threats.
MYTH 5
Erasing data from a hard drive completely removes the information.Â
Once data is erased from a hard drive, the information is gone for good, right?
Unfortunately this is not the case. Deleted files and highly confidential data can almost
always be recovered by a determined individual using the right technique and equipment.
Simply deleting information therefore is not enough. To truly protect both employees
and customers, professional destruction will ensure the equipment is beyond repair. In
other words, while technology is dramatically increasing information security capabilities,
a bit of old school hard drive data destruction is also strongly advised!
About Shred-itÂ
Shred-it is a world-leading information security company providing information
destruction services that ensure the security and integrity of our clients' private
information. A wholly-owned subsidiary of the US-based business to business services
company Stericycle, Shred-it operates in 170 markets throughout 18 countries worldwide,
servicing more than 400,000 global, national and local businesses. For more information,
please visit http://www.shredit.co.uk.