Having a document destruction strategy in place is critical in a post-pandemic world.
As America’s workforce shifted to a more virtual environment, businesses were faced with a new set of problems and challenges for document security, storage, and destruction.
A new wave of cyber-criminal activity has been fueled by the pandemic. Employers must also be wary and alert to manage the level of security for their employees working remotely.
As the American workforce returns to the office, it is a good time to revisit document security and destruction policies and make sure every employee understands what they are and why they are so important.
Here are some things to look at again as your workforce returns to the office and shifts back to a more traditional work environment.
Why it is crucial to destroy old hard drives and data storage devices.
All companies depend heavily on electronic media to facilitate essential business activities. But when a data storage device reaches the end of its working life, data still needs to be secured or securely destroyed.
There is a good chance that your business only focused on critical operations during the pandemic. Unfortunately, the same challenges that you faced before the pandemic continue to be challenges that your business faces now.
Securely destroying old data devices is critical to protect yourself, your clients, vendors, employees, and others from any breach of sensitive data. Business owners large and small have a sacred obligation to maintain confidentiality.
And make sure that employees working remotely are destroying important documents just as they would in the office.
Stolen data can be used for a variety of purposes…none of them good. Identity theft, fraud, embezzlement, and other white-collar crimes can ruin a victim’s life. And in many cases, that victim could be you!
Aside from the ethical considerations, are you aware as a business owner that you are required to comply with privacy laws on how to dispose of data storage devices securely? If not, you could face significant penalties.
Some industries also face higher degrees of regulation due to HIPAA and FACTA laws already on the books. If you are not well versed in privacy laws, we suggest finding an expert such as an attorney, document shredding company, or data destruction company who can safely guide you through important compliance issues.
Here’s another important thing to consider. When you leave yourself exposed and suffer a breach, it could threaten the very existence of your business. Not only could you face theft from hacked accounts, but customers could also sue or abandon you. Partners and vendors may lose trust and refuse to work with you. Key employees could move on. Your reputation could be tarnished and have a significant impact on landing future customers.
What is a zero-trust security strategy?
For some businesses during the pandemic, out of necessity, employees may have been forced to use their own non-secure data devices to conduct work remotely. In other cases, you may have supplied employees with devices for use at home during the pandemic and some of these devices may have reached the end of their useful service lives.
Don’t think for a minute when your laptops, desktops, cell phones, and other electronics reach the end of their useful service life that you can take a hammer to them and be done with your data device security efforts.
It is a lot more complicated than that.
Business compliance is a critical reason to hire a firm that specializes in data device destruction. Although laws and rules can be somewhat inconsistent, businesses should adopt a zero-trust security strategy.
This means you should not trust anybody either inside or outside of your business. A zero-trust security strategy means following best practices instead of just doing enough to meet compliance standards.
Scammers are more sophisticated than ever.
Data theft and scan operations are more prevalent than ever after the pandemic. No business is too small or too big to become a victim of a sophisticated scam operation.
In fact, in many cases, scammers prefer to target smaller companies. They assume smaller businesses do not have the resources to put toward data security.
Making yourself a hard target on the front end, and protecting sensitive data on the back end, including the appropriate disposal and destruction of hardware, is a good step in the right direction.
Employees returning to work must be armed with as much knowledge as possible to guard against sophisticated scammers and data thieves. According to the Better Business Bureau, the six most common of these that businesses and employees need to protect against are:
- Imposters posing as a bank or credit card company pretending to verify account information but with the actual intent of gaining access to a business’s accounts.
- Scammers pretending to represent various government agencies who threaten to impose fines or take similar enforcement actions if a business does not pay fees or taxes.
- Fraudsters who offer businesses increased visibility through advertising, advanced search engine techniques, and business directories.
- Sending an invoice for services never rendered or trying to induce a business to pay for products they never ordered or received.
- Paying for goods and services with fraudulent checks from non-existent accounts.
- Scams involving tech support or ransomware demands.
Although every scam and every scammer are unique, most all share the same general characteristics. Here are some red flags to look for:
- They pretend to be someone you trust, either in the guise of a company, person, or government agency.
- They create a sense of urgency by setting a short deadline to respond.
- They use fear and intimidation, pressuring you to send a payment before you can check out their claims.
- They use wire transfers, gift cards, or other untraceable payment methods.
Based on what’s happened over the past year and a half, don’t be surprised if a potential scam is attached to some sort of pandemic-related issue. The same adage applies: If it sounds too good to be true, it usually is.
What do I do if I think I have been scammed?
Unfortunately, the best you may be able to do is to harden yourself against being a victim again. Getting lost money will be difficult.
Examine your current levels of security. Can you do more within your budget to enhance your protection?
If your company’s financial information was accessed or stolen as part of a scam, change as much information as you can. You may only need to change passwords, or you may have to close and reopen accounts.
If phones or computers were hacked, spend the money to have a top-tier security person either wipe the phone clean of malicious software or take other steps to ensure the breach no longer exists.
Develop a cybersecurity plan that looks at risks and identifies proactive mitigation efforts. Part of this should include a stringent password policy for all employees and their devices. Among other things, use two-factor or multi-factor authentication when possible.
Evaluate your data storage needs and processes. Scammers often nail a business through the back door. When you update with the latest security patches on your phones and computers, make sure your data storage is equally protected. Uncompromised data storage is critical, especially in cases where businesses are victims of ransomware schemes.
And finally, provide security training for your employees. Scammers know the weakest link in a business may be the human element. Don’t let that be the case in your business.
How do I choose the right data device destruction company?
If your business survived the pandemic, then congratulations!
Although you are gearing up on many different fronts, do not discount the many benefits of retaining a data device destruction company as an essential insurance policy for your business’s long-term health.
Data and device destruction is big business, and there are lots of companies to choose from. A few things you should look for in a vendor include:
Chain of custody. What are the company’s protocols to protect against a breach? Do they use tamper-proof containers, secured totes, and locked trucks during transit? Do they have secure and monitored facilities?
Certificates and documentation. Make sure the company provides certificates of sanitization for all media’s data that has been destroyed. It should include serial numbers, type of media, and how it was sanitized. Also, verify that documentation will be provided that shows an audit trail and proof of erased data.
Insurance. Does the company have liability insurance to adequately assume responsibility if there is a data breach or mishap? Also, ask about what kind of security training and background checks employees undergo.
Process. Get a detailed explanation of exactly how data devices will be destroyed and by what method.