Running a successful business is a little like being a circus performer at times. Specifically, a plate spinner: someone who balances and spins a dozen plates, then rushes across the stage making sure that each one stays in motion. You have so many critical and time-sensitive matters to attend to each day. It’s understandable that you could let some of the smaller plates drop in service of the day-to-day stuff. Unfortunately, some businesses treat data destruction as one of those less important plates.
Maybe they’re diligent about shredding hard drives and bank statements, but don’t have any formal data destruction policies guiding the way other materials are handled. With so many moving pieces to manage each day, it’s easy to let slide the things that seem less pressing – until the luck runs out and a data breach happens. Instead of relying on luck, shore up your company’s security by making sure your employees know that these items are on your must-shred list.
Travel Documents
Do any of your company’s employees travel for work? If so, there could be sensitive information hidden in their boarding passes, itineraries and documents that are submitted for reimbursement. The company’s frequent flyer account number, the traveler’s personal details and partial payment information may all be printed on travel documents.
If the company arranges travel for employees, it’s also possible your office files contain employees’ passport numbers, driver’s license numbers and other pieces of sensitive information. The safest strategy is to require shredding for all documents related to company travel.
Junk Mail
What your company does with its junk mail is probably low on the list of things that concern you. A lot of unsolicited stuff that arrives in the mail can be recycled, like generic coupons and catalogues and anything that’s addressed to “postal customer.” Anything that comes printed with your company’s name, address and/or other personalized information should be shredded. So should any offers for credit cards or other financial services, as well as solicitations from vendors. Destroying these mailings removes any possibility of someone opening new services or placing orders in your company’s name.
HR Files
Most companies probably don’t have to be told to shred things like employees’ W2 forms and direct deposit paperwork when clearing out files from old employees. (EEOC regulations have requirements dictating how long employers must keep certain types of employee records.) But identity thieves may only need a few pieces of information to gain access to a target’s life. Paperwork that includes information like employees’ addresses and birthdates should be destroyed when it’s no longer needed.
Essentially, any documents that HR and payroll employees handle should be shredded rather than recycled. This includes old job applications and resumes from people you aren’t going to hire. Though they’re not your employees, it’s your responsibility to protect the information submitted by those applicants.
Employee Notes
Creating and enforcing data destruction policies is about avoiding identity theft and data breaches. It’s also about protecting proprietary information from reaching your competitors. Things like scratch paper that employees use to take notes during meetings and sticky notes they leave on each other’s desks can contain such information. Any paper on which employees jot handwritten notes should be shredded.
If you’re going to be really thorough about data destruction, employees should know to put all phone messages in a to-be-shredded container. These paper slips reveal information about your customers, vendors and projects that could be damaging if a desperate competitor found them in your recycling bin.
Badges, Cards and More
The average home shredder can’t destroy anything that’s much thicker than a few sheets of paper. Commercial shredders can handle nearly anything, so there’s no reason to throw away things like old building access cards, obsolete employee ID badges, company credit cards, memory cards and plastic sales or training binders. Everything with a magnetic strip or memory chip should be destroyed rather than trashed. The same goes for anything proprietary, like building models and product samples.
Even the most innocuous scrap of paper can pose a data security threat. Since it’s better to be safe than sorry, why not adopt a policy of shredding every piece of paper that is ready to be discarded? Have you thoughts about the types of data your company unintentionally exposing? Anything that goes into a trash can or recycling bin becomes accessible to others. Shredding is the truly secure approach to data destruction. Trust your sensitive data to Northeast Data Destruction. Get in touch to learn more about how we can help.