Is Your Company Giving Away Sensitive Information Without Knowing It?

Client data. Employee tax forms. Medical records. HR disciplinary files. Canceled checks. Every company — no matter how small, and no matter the industry — keeps sensitive records.

Unless your company still uses typewriters and mimeograph machines, those records are probably stored on hard drives in your electronics. When it’s time to upgrade to new laptops and replace your bulky copiers with streamlined versions, the way you dispose of those outgoing devices may open your company to risk. While you may be happy to see those clunky old machines get gone, industrious thieves couldn’t be happier to see them coming. And file boxes of documents are even easier to access and mine for sensitive information.

Is your company putting its outgoing devices into the wrong hands? Ask yourselves these four questions to make sure your disposal method is truly a theft-proof one.

Which of our devices can hold sensitive data?

You probably know not to throw computer hard drives and paper medical records into the office park dumpster; after all, even a person with little tech savvy knows that those items are sensitive.

But what about fax machines? Photocopiers? Old company cell phones? They can all hold data. Certain fax machines and copiers store images of the documents you scan through them, and it’s shockingly easy for identify thieves to comb through that stored data to find Social Security numbers and bank information.

What else in our office stores sensitive information?

Your company probably stores confidential information in a few not-so-obvious ways. For instance, old employee badges can be dangerous in the wrong hands. They allow the holder to access parts of your facilities that are supposed to be for employees only. And if your company holds any patents on equipment, you have to be careful to not let those fall into the hands of competitors.

Then there are documents. Legal files, client lists, copies of checks, employee personnel paperwork: it’s your responsibility to keep these documents private until they’re destroyed.

 What are we doing with our discarded devices?
Many people know better than to leave old devices out by the curb for trash pickup, and instead make the effort to take them to an electronics recycling drop off point. Recycling is always the right choice, right?

Wrong. Even if your local government provides electronics recycling programs, your devices may not be safe with them. Devices that hold sensitive information should be destroyed in such a way that the data can’t be recovered by any means, and your local recycling company probably doesn’t have the technology or expertise to do that.

Whether it’s you, an administrator or someone else within your company, the person who’s in charge of discarding old electronics should be aware that recycling isn’t the appropriate choice for devices that store data.

How can we be sure that our sensitive information is really destroyed?

 For your peace of mind — and for your company’s legal protection — it’s important to choose a data destruction firm that’s committed to thoroughness and transparency.

First, make sure to choose an NAID “AAA” Certified company. Certification requires all facility employees to undergo a rigorous vetting process, so you can be sure that only skilled and trustworthy staff handle your company’s sensitive items.

The facility you hire should also have practices in place to secure your materials at every step of the process. For instance, Northeast Data Destruction provides locked bins that you can use to collect and transport sensitive documents for shredding, and we provide locked on-site storage to safeguard your electronics and documents before they’re destroyed.

Any data destruction company you hire should also be willing and able to answer all your questions at every step of the way. We know just how critical privacy and security are to you, and we’re here to help. Contact us today to find out how.