April 13, 2015

Paper Shredder Data Security Risks

For many organisations, the end of the financial year means it's time to shred out-of-date documents that are no longer needed.  The majority opt to handle this themselves, using an office paper shredder and a 'willing' member of staff (perhaps coerced into it with the promise of extra coffee and biscuits!).  But the frustrations of dealing with a jamming shredder pale in comparison to the (largely unheeded) security risks.

The reality is that as well as wasting time and resources, using office shredders can greatly increase the chance of your confidential information falling into the wrong hands. 

With so many stories relating to serious security breaches hitting the press, it's understandable that organisations want to protect themselves from a potential breach.  A basic but essential first step is to ensure that unwanted confidential paperwork is securely destroyed. If you are looking to make your confidential information secure we have developed the following guidelines, based on guidance from NAID (the National Association of Information Destruction). 

Strip Shredding Is Not Secure
Many office paper shredders cut documents into vertical strips. The pieces of these documents can be easily reassembled, either manually or with readily available computer software programs, leaving businesses exposed to a potential data breach. Cross cut shredders used by professional security companies are far more effective, leaving documents virtually impossible to reconstruct.

Shredding Using An Office Shredder Takes Time
Employees may view shredding as an administrative chore that simply slows them down. Shredding document after document can be a time consuming task – in fact it has been estimated that it takes an employee five hours on average to shred 23kg worth of documents, compared to just under a minute taken by a professional shredding organisation to securely destroy the same amount. 

Personal Shredding Does Not Make Your Business Safe Or Compliant
In the event of a data breach or privacy violation, it is likely that you will be asked to provide proof that the information was securely destroyed. By using an office shredder, this simply isn’t possible. When you outsource your shredding to a credible third party, you should always receive a Certificate of Destruction to substantiate your compliance and complete your audit trail.

Employee Exposure To Sensitive Information Increases Risk
In many organisations, the shredding process is viewed as an administrative task to be handled by a junior employee, meaning that sensitive and confidential information is exposed to unauthorised individuals. Alternatively, senior management could shred their own documents, though clearly this is an expensive resource and is not the best use of their time. By employing a third party shredding services expert, documents can be easily posted into a locked console, eliminating valuable time wasted at the shredding machine.

Office Shredders Are Not Indestructible
According to some estimates the average office worker can use up to 10,000 sheets of paper each year, and of course much of this printed material is sensitive and should be shredded. Physically shredding piles of documents not only takes up valuable time, it can also cause office shredders to break down. A basic office shredder can’t always handle staples, binders, paperclips or other materials used to hold documents together and while the shredder is out of use, reams of sensitive and confidential information inevitably builds up, leaving your business vulnerable to a potential data breach. 

You can learn more in our guide on why outsourcing your shredding is more secure and efficient or read our real-life case study on how Shred-it became a "shredding fairy" for one small business driven to distraction by their office shredding machine.