Yes, even in the digital age, document shredding is still a thing. And it makes perfect sense that it is, since physical file theft is indeed still a security threat. Even, “paper can be hacked”, so to speak, and many data breaches, involve the loss or theft of paper documents. According to the Ponemon Institute Shredit survey, “sixty-nine percent of healthcare tech and business managers reported that their organization had experienced at least one data breach in the past 12 months, and nearly 3 in 4 (70%) of those data breaches involved the loss or theft of paper documents or electronic devices containing sensitive information.” And yet, risk of a data breach isn’t the only reason why businesses should shred their business documents. In fact, there are at least five important reasons for shredding your business documents. We take a look at them below:
Because it’s the law
Several countries, particularly the US and in Europe, have long had laws and regulations in place requiring businesses to shred documents so that they can protect the privacy of their clients and customers. In the US, for example, there are several federal and state laws mandating that businesses must protect their customers’ and employees’ private information. Compliance with these laws often requires that certain documents be shredded. Failing to safely destroy documents that are technically no longer needed isn’t just risky, it’s actually illegal.
To protect your business
While cyber attacks resulting from ‘paper hacking’ might not be as sophisticated as social engineering attacks, corona cyber malware, or other cyber attacks, they can cause just as much financial and reputational damage. They are also far more common than you might think: The Incognito Forensic Foundation lists theft or loss of paperwork as one of the top 7 causes of data breaches as well as one of the trickiest to handle. Businesses, small and large alike, including private individuals participating in the ‘gig’ economy, need to pay special attention to this threat. Information that is just thrown out rather than properly disposed of becomes public information – ripe for public picking and a potential security breach. And if those documents do fall into the wrong hands because of improper disposal, the business that was in possession of them will be considered responsible for the breach and could end up facing millions of dollars in fines. Furthermore, don’t forget reputational damage: almost one in four Americans discontinue doing business with companies that have been hacked and two in three people find those companies to be less trustworthy.
And your employees
It’s not just sensitive customer information that needs to be kept safe. Your employee data does too and much of it can be found in your paperwork. Account data, expense and pay stubs, personnel files, performance appraisals, job applications and much more are especially sensitive and if stolen can lead to serious problems for your business and your employees. Shredding paper documents that are no longer needed is an important security measure for preventing data and identity theft.
To free up space
Long before we had to worry about freeing up disk space, we had to worry about freeing up physical space. Too much clutter, whether on our hard drives or in our offices, is too much clutter. By shredding unnecessary documents, you free up storage space needed for other documents you might still need to keep.
And reduce fire hazards
Bundles or stacks of old paper files and documents that are kept in your offices or storeroom, especially when they’re situated near a vent or electrical socket, are a major fire risk. When you shred and remove these documents, you can significantly reduce your fire risk.
What to shred, what to keep…
Before you get all head-over-heels giddy about the prospects of shredding a bunch of documents, you should first acquaint yourself with the guidelines regarding which documents to shred and which to keep. In the US, businesses should shred their tax documents, employment tax records, human resources records, business property records, bank statements and other financial statements, because all of these documents contain confidential and sensitive information. However, and this is a big ‘however’, they should only be shred after the IRS-recommended time period to keep them has passed. Corporate and LLC records, as well as contracts and other legal documents, deeds, and titles, should never be shred. For private individuals, of course, guidelines regarding the documents they should keep and shred are different. Birth certificates, death certificates, social security cards, marriage or divorce licenses, and passports, for example, should be kept. On the other hand, documents like pay stubs, bank statements, credit card or utility bills, and medical bills should be shred.
A note about shredding companies
If you decide to use a shredding company rather than shredding your documents yourself or on your business premises, look for a company that complies with information security legislation and that has procedures in place to ensure that your documents are never left exposed. The shredding company should also always follow a secure chain of custody from the time documents are collected until they are destroyed. Lastly, it should provide a certificate of destruction for your records so that you have proof that they were properly and securely destroyed.
By all means, embrace the digital age. Absolutely deploy all the digital tools and strategies at your disposal that will help your business grow. And unequivocally implement strong cybersecurity measures to keep your business safe. However, don’t abandon common sense security measures either. Don’t leave your business devices unattended or out in the open where they can be easily stolen; don’t give the wrong people access to your data; don’t leave important business documents laying around waiting to fall into the hands of cyber criminals. Shred instead.