Latest news
Tim McBride serves as the Vice President and General Manager of Secure Destruction Services for Recall North America. He is focused on driving improvements in safety, security, service and efficiencies, and is responsible for exploring potential new opportunities and emerging technologies within this service line. In this interview he talks about the practice and requirements of document shredding, and the risks of doing it wrong.Everybody who has ever worked in an office is familiar with those relatively small paper shredding machines. What other types are there? Is there a "right" and "wrong" way to shred paper documents?
There are numerous commercial shred options to choose from including strip shred and cross-cut, however the best way to protect your organization is to utilize a professional third party Secure Destruction provider with a closed loop chain of custody process in place with stringent controls that provide “end-to-end” security. Knowing a document’s lifecycle, from creation to destruction, is the first step to a fully functional records program. Establishing what each document is and where it is located will minimize the legal risk, regulatory compliance risk and annual expense of data management and storage.
Is shredding of confidential documents mandated by law for some entities in the U.S.? If yes, which ones? Is the manner in which it has to be executed regulated by law?
The Federal Government has specific compliance standards in place which is also true in Canada. As compliance laws and regulations evolve, company policies need to stay on top of the changes. Written data security programs and plans should be administered and re-evaluated and it is important to view your policies as a living document, not a list of laws set in stone.
Although certain government agencies do have shred size particle specification requirements (some of which require NAID Certification), they are not dictated by law but rather by internal policy. Regardless of an organization’s mission, securing and managing critical documents must be a top priority across every department. The goals to keep in mind are keeping mission critical information protected from unauthorized access and destroying physical documents so that they are unreadable and unrestructable. Further impacting the need for security are the many regulations that require the storage and security of important documents such as HIPAA and HITECH (health care), Sarbanes-Oxley and GLBA (public companies, financial institutions) and individual state regulations.
Spotlight
Cyber espionage campaign uses professionally-made malware
Posted on 20 May 2013. | A massive cyber espionage campaign has been hitting government ministries, IT companies, academic research institutions, and more.
Ransomware adds password stealing to its arsenal
Posted on 17 May 2013. | Microsoft researchers are warning about a new variant of the well-known Reveton ransomware doing rounds.
Application vulnerabilities still a top security concern
Posted on 16 May 2013. | Respondents to a new (ISC)2 study identified application vulnerabilities as their top security concern. A significant gap persists between software developers’ priorities and security professionals’ concerns.
IT security jobs: What's in demand and how to meet it
Posted on 15 May 2013. | Let's say you want a career in information security, where do you start? What credentials do you need? What are employers looking for? Read on to find some answers.
Hacking charge stations for electric cars
Posted on 15 May 2013. | Ofer Shezaf talks about what charge stations really are, why they have to be ‘smart’ and the potential risks created to the grid, to the car and most importantly to its owner’s privacy and safety.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
 |
