Year-End Bulk Paper Shredding Tips

Annual Document Clean-Out Time!

Note: This post was originally published in 2014 and was updated in December 2017 with additional information.

As the end of the calendar year approaches, it's time to reclaim your storage space by clearing out expired documents and files. A one-time purge shredding service is a great document management option. It's also the recommended method for disposing of forms and other documents that contain sensitive information or that are now beyond their retention period.

What Business Documents Should I Shred?

You should always shred any documents with sensitive information, rather than placing them in the trash or disposing of them through standard recycling. All businesses should consistently protect the confidentiality of their customer data, employee information, and business strategies.

First, sort through documents and files for items that are out of date or beyond their retention period. Any old items which are beyond their retention period and contain sensitive information about your business (such as strategic reports and tax records), your customers, clients, or employees (such as credit card receipts, employee social security numbers, or customer contact lists) must be shredded.

If you have any questions regarding what documents to keep and which ones to shred, consult our Record Retention Schedule.

How to Prepare for a Bulk Paper Shredding Service

Preparing for a bulk paper shredding service is easy. Start now and be on your way to a clutter-free space for the new year! Here are some of our top tips to get started:

1. Stay Organized

File archiving policies and processes can make life a lot easier.

2. Understand Your Document Disposal and Retention Policies

If this is your first time completing a year-end purge, you may be tempted to dive straight into the task at hand. However, make sure you have a good grasp on which files should be saved and which papers can be safely disposed of. It's extremely important to know exactly which documents contain sensitive information requiring shredding. Before you review your files, consider sending a message to your entire team, or scheduling a meeting to keep all staff members informed of your retention and destruction policies and procedures.

3. Use a Designated Shredding Container

Designate bins, storage boxes, bags, or cabinets for transferring and holding your old documents so that you can efficiently manage your cleanout process and keep old files secure. This will make your next annual cleaning session much easier, too, since the documents that require purging will all be in one place. The document storage strategy we recommend to all clients is to use designated locking containers (provided free of charge to our Routine Service clients). This provides the office with a secure and convenient disposal center for all employees to use when purging files that contain sensitive information.

4. Sort Through Your Digital Files Too

Bulk document purges usually focus on printed paper, but you should be conscious of the fact that electronic media also requires attention to the proper storage and disposal methods. Businesses should have policies and procedures in place for archiving and access to digital files and server drives. Companies also often allow outdated electronic media, such as unused computers, servers, floppy discs and hard drives to pile up in storage areas. Allowing these items to collect dust can create unnecessary exposure to a security breach. You must securely destroy the hard drives before disposing of old computers and copiers. Recycling these machines will not afford you adequate protection from a security breach.

5. Hire a Professional Shredder

Some companies rely on in-house office shredding machines to destroy their documents, but ordinary office shredders tend to be inefficient, unreliable, and do not provide optimal security. Shredded office paper that is simply placed in trash or recycling bins can easily be stolen and reconstructed. Additionally, DIY shredding is usually not cost effective when you consider the time it takes to accomplish. This is why partnering with a professional shredding company is well worth the investment.

6. Choose the Right Shredding Partner

There are plenty of professional shredding companies in the market, but but it's important to partner with a team that is easy to work with and provides cost-effective service. You should also ask these questions:

  • Is the company NAID certified?
  • Do you offer flexible scheduling?
  • Are on-site and off-site shredding options available?
  • Do you provide a Certificate of Destruction after each shredding engagement?
  • Do you offer free, no-obligation estimates?
  • Do you carry adequate insurance that will protect my company including General Business Liability and Errors and Omissions coverage?

Shred One is proud to offer all of these benefits. You can learn more about our commitment to our customers on our About Us page.


AAA Certification logo from the National Association for Information Destruction

Why Your Shredding Company Needs the AAA NAID Certification

As a professional paper shredding and information destruction company, Shred One has an obligation to maintain outstanding information security practices at all levels of our business. This commitment to protecting the privacy and information security of our clients is verified by our NAID certification.

Here are some of the reasons that those searching for an information destruction services partner should always choose a AAA NAID Certified shredding company.

What is the NAID?

The National Association for Information Destruction (NAID) is an international trade association for information destruction companies. With the goal of promoting secure and ethical business practices across the shredding industry, NAID offers a rigorous AAA Certification program allowing shredding companies to demonstrate their commitment to top-tier data security standards.

A requirement for hundreds of government offices and thousands of private contracts, NAID certification is overseen by a review board comprised of both industry veterans and current accredited professionals. The service is also recognized by leading accreditation programs such as the International Association of IT Asset Managers and the Sustainable Electronic Recycling Institute (SERI).

Why is AAA NAID Certification Important for Shredding Customers?

Those companies who become AAA certified must adhere to a strict code of ethics and stringent standard operating procedures. Providers must have written policies and procedures regarding all facets of the information collection and destruction process as well as incidence response preparedness and employee training. All member companies must also submit to both scheduled and random security audits to ensure continual compliance with NAID requirements.

In short, the AAA NAID Certification provides these guarantees to customers:

  • The company will be regularly audited, including scheduled AND random unannounced security audits.
  • The company's staffing practices will be overseen by a board of industry leaders who continuously scrutinize things like employee background checks and drug screenings, training, drivers licensing, regulatory compliance, security practices and confidentiality agreements.
  • The company is aligned with all proper regulations, including HIPAA, FACTA, GLBA, etc.
  • The company has all proper insurance coverages, including general liability insurance (aggregate or umbrella) of at least $2,000,000.
  • The company will train and test all access employees annually on policies and procedures in order to ensure that best practices are followed in maintaining security protections.
  • The company has pledged to uphold a strong code of ethics, including promises to always be honest and truthful, to uphold the integrity of the industry, and to always price services accurately.


Photo of a mobile shredding truck with a secure bin

Mobile Paper Shredding Trucks

Partnering with a professional data destruction company with on-site paper shredding trucks is the perfect solution when you need quick, secure, and cost-effective destruction of sensitive documents. Our mobile paper shredding trucks are equipped with video monitoring and high-capacity shredders for fast and efficient destruction of bulk materials. Our vehicles take the hassle out of document destruction by bringing professional mobile paper shredding right to your front door.

 

Mobile paper shredder truck

Mobile Shredding Equipment and Specs

Each vehicle in our fleet of mobile paper shredding trucks is capable of shredding up to 7,000 pounds of paper per hour. These fully automated systems provide optimal security and peace of mind.

Fleet Specs:

Truck Length 24' box
Payload Capacity 10 - 12,000 lbs
Throughput Up to 7,000 lbs/hr
Meets EPA emissions standards
Hydraulic lifts and bin tunnel loading
Live viewing monitors for clients
Shredding style Pierce-and-tear
Shredded documents are securely transferred to paper mill
for recycling into paper towels, tissue paper, etc.
More information: Download brochure

A Shred One mobile shredding truck lifting a shredding bin on site.

Our routine scheduled service customers also receive secure locking collection containers free of charge. These containers allow for secure and convenient storage of documents in between service calls. There are multiple options and sizes to choose from based upon your office's paper volume, frequency of service and security needs.

Bin Container Specs:

Executive console shredding bin
Locking Executive Console
Locking shredding bin
Locking Bin
Capacity approx. 100 lbs. 64 gallons (approx. 225 lbs), or
95 gallons (approx. 350 lbs)
Size 35" x 16" x 19" 40" x 29" x 23", or
46" x 34" x 27"
Tamper-proof Tamper-evident locking door Tamper-proof locking mechanism
Reinforced lid
Top loading slot
Front loading slot
Wheels
Top surface available
for storage
Material Melamine laminate High-density polyethylene plastic
Color Light grey Dark grey

Benefits of Mobile On-Site Shredding

Our mobile paper shredding trucks are available for routine scheduled service customized to meet your needs (usually daily, weekly or monthly) with a flat fee per pickup. This includes our secure locking collection containers which are provided free of charge. We also offer purge services for periodic cleanouts of larger volumes of paper. On-site mobile paper shredding is cost effective, and offers the perfect alternative to inefficient, and unsecure in-house shredding. The convenience of mobile paper shredding encourages compliance with privacy laws, reduces your risk of a security breach, and allows you to dispose of large quantities of sensitive documents with ease.

We offer a drop-off service for customers who are able to transport their papers and sensitive documents on their own, but for most customers, this process is too cumbersome. With on-site mobile shredding, we will bring professional-grade equipment to your doorstep so you don’t have to worry about the hassles of shredding or transporting your documents on your own.

Our Process:

At the completion of the visit, you'll receive a Certificate of Destruction to demonstrate your compliance with privacy laws and your commitment to security.

Note: This post was originally published in 2014 and was updated in 2017.


Dental Records Retention and Destruction

Managing Records at a Dental Office

As with any business, document retention and destruction are two key factors in running a well-managed office. Managing a dental retention schedule and proper and timely destruction is critically important to avoiding excess accumulation of data, improving environmental impact, properly managing records, and securing protected health information.

The most common record-keeping errors, noted by the American Dental Association, include:

  • Undocumented treatment plans
  • Undocumented or not regularly updated health histories
  • Undocumented patient assessment

Incomplete documentation and a lack of organization are the primary record-keeping errors found in dental offices. A written dental record-keeping policy and records retention schedule that is easily understood and followed by all staff, can help to keep records organized and ensure proper retention. In addition, dental offices can more easily and systematically identify records that need to be destroyed, which can clear space of unnecessary documents, allowing for easier management of all documents and help to avoid record-keeping errors. There are several guidelines that may be followed for efficient dental records retention. Follow these steps to keep your dental practice from avoiding errors in documentation and to remain regulation-compliant.

Create a Dental Records Retention Schedule

document management policy outlines a protocol for handling secure documents, including creation, management and proper disposal. A detailed policy is crucial to maintain information security across your business. In the case of any information breach or damage control situation, the proper protocol should be detailed and understood by all employees.

A crucial element to the proper destruction of documents is a record retention schedule. Retention periods and disposal method may vary by location, but the general format of the calendar can be arranged with this template.

In the healthcare industry, any patient-specific documentation must be handled according to HIPAA requirements in order to ensure privacy and security. However, HIPAA does not regulate retention of medical or dental schedules; this is mandated state-by-state. To create a records retention schedule for your dental practice, refer to your state dental records retention policy below:

State Retention Period State Ruling Organization
Alabama 2 years Alabama Dental Association
Alaska 4 years Alaska Board of Dental Examiners, Statutes and Regulations
Arizona 6 years Arizona State Legislature
Arkansas 2 years Arkansas State Board of Dental Examiners
California 7 years Dental Board of California
Colorado 7 years Colorado Dental Board
Connecticut 7 years Connecticut General Assembly
Delaware 7 years State of Delaware
Florida 4 years Florida Administrative Code
Georgia 10 years Georgia Board of Dentistry
Hawaii 7 years Hawaii Department of Accounting and General Services
Idaho 5 years Idaho Department of Health and Welfare
Illinois 10 years Illinois State Dental Society
Indiana 7 years Indiana General Assembly
Iowa 6 years State of Iowa
Kansas 10 years Kansas Dental Board
Kentucky 7 years Kentucky Legislative Research Commission
Louisiana 6 years Department of Health & Hospitals
Maine 11 years National Center for Biotechnology Information
Maryland 5 years Maryland State Board of Dental Examiners
Massachusetts 7 years Board of Registration in Dentistry
Michigan 10 years Michigan Dental Association
Minnesota 7 years Office of the Reviser of Statutes
Mississippi 7 years Dental Examiners of Mississippi
Missouri 7 years Missouri General Assembly
Montana 3 years Montana Dental Association
Nebraska 10 years Nebraska Dental Association
Nevada 5 years Nevada State Board of Dental Examiners
New Hampshire 7 years New Hampshire Dental Association
New Jersey 7 years New Jersey Division of Consumer Affairs
New Mexico 6 years New Mexico Board of Dental Health Care
New York 6 years New York State Dentistry
North Carolina 10 years North Carolina State Board of Dental Examiners
North Dakota 6 years North Dakota Board of Dental Examiners
Ohio No state ruling Ohio Dental Association
Oklahoma 7 years Oklahoma Board of Dentistry
Oregon 7 years Oregon Board of Dentistry
Pennsylvania 5 years Pennsylvania Dental Association
Rhode Island 5 years Board of Examiners in Dentistry
South Carolina 5 years South Carolina Legislative
South Dakota 10 years South Dakota Dental Association
Tennessee 5 years Effective Rules and Regulations of the State of Tennessee
Texas 5 years Texas State Board of Dental Examiners
Utah 5 years Utah Division of Occupation and Professional Licensing
Vermont 3 years Vermont State Archives and Record Administration
Virginia 2 years Virginia Board of Medicine
Washington 4 years Washington State Department of Health
West Virginia 7 years West Virginia Legislature
Wisconsin 10 years Wisconsin Dental Association
Wyoming 5 years Government Publishing Office

For patients using Medicare or Medicaid Services, records are required to be retained for at least five years for claims and billing purposes (as per The Centers For Medicare and Medicaid Services requires that Medicare and Medicaid).

For documents other than dental records, the following retention and destruction methods should be adhered to:

Document Type Retention Period Disposal Method
Clinic appointment calendars 6 years Shred
Clinic schedules End of quarter Shred
Daily script journal 6 years Shred
Insurance billing records 6 years Shred
Patient billing records 6 years Shred
Patient charts 30 years Shred
Patient payment records 6 years Shred
Prescription records 6 years Shred
Refunds 6 years Shred
Treatment contracts 6 years Shred
Job applications 1 year Shred
Employee Benefit Plans 1 year Shred
Leave forms 3 years Shred
Employee identification (I-9) 4 years Shred
FICA payments 4 years Shred

These retention schedules are intended only as a guide. Before destroying any records, it is advisable to confer with your attorney, CPA, or other legal advisor.

Create a Dental Records Destruction Policy

The Department of Health and Human Services requires that “…covered entities must implement reasonable safeguards to limit incidental, and avoid prohibited, uses and disclosures of PHI, including in connection with the disposal of such information. In addition, the HIPAA Security Rule requires that covered entities implement policies and procedures to address the final disposition of electronic PHI and/or the hardware or electronic media on which it is stored, as well as to implement procedures for removal of electronic PHI from electronic media before the media are made available for re-use.”

In order to comply, records retention plans should include a clear policy for records disposal. Key terms include:

  • Proper handling of old prescription bottles in transparent bags and locked until retrieved by disposal company.
  • Proper destruction methods. Even seemingly unreadable documents must not be trashed or recycled, but rather shredded by a vendor trained and certified in HIPPA regulations regarding document destruction. This will ensure security of personal information will be properly destroyed, but will also remain secure in transit if necessary.
  • Destruction and purging of any hard drives containing personal health information.

All documents or hard drives that are awaiting destruction should be stored in secure, lockable, paper collection containers. Electronic records and hard drives must be destroyed as well in a timely manner and in accordance with HIPAA regulations.

Partnering with a fully, HIPAA-compliant, NAID certified shredding company is the best way to assure your documents are destroyed properly.

Choose a Professional Shredding Service

A trusted document disposal method is the equally-important counterpart to a document retention method. When the proper policies and regulations are understood, a company can make an informed decision on which professional shredding service they should partner with. A shredding company will specify if their services are compliant with the regulations specific to your industry.

The mobile and on-site shredding services offered by Shred One provide routine shredding based on any schedule of document management. The benefit of this shredding service is that the specific shredding schedule that a company policy dictates can be met routinely and efficiently.

Take these steps at your practice and keep you staff informed and empowered to implement the retention and destruction plans to ensure patient information security, reduce risk, and improve office organization.


Why Document Destruction Should Be Left to the Pros

Why You Need Professional Shredding

Shredding is a crucial task for the responsible protection of sensitive information about your company, its clients, and employees.

A professional shredding partner can guarantee that personally identifiable information (PII), business secrets and other sensitive information contained in your documents and on your hard drives are safely and securely destroyed. Compared to professional shredding services, manual shredding is inconvenient, costlier and, ultimately, less secure.

Here are the top reasons you should leave your shredding to the pros:

5 Reasons to Use a Professional Shredding Service

Public domain image of a paper shredder via WikiMedia Commons1. Office shredders are inadequate.

More often than not, the shredded material from your office shredder is fairly easy to reconstruct. Shredded document reconstruction software is available specifically for the purpose of recreating these documents. If your shredded documents are thrown away with the rest of the garbage, you are inviting the bad guys to take them!

2. Manual shredding can cost twice as much as a professional shredding service.

Think about this: the average small office spends 15 minutes of personnel time each day on document shredding. When you take into account wages and benefits for your staff, as well as depreciation and maintenance of the shredder, it costs an average of $95.00 per month to shred with your office shredder. Our scheduled routine services start at about half of this cost.

Visit our Shredding Cost Calculator to learn the true costs of shedding in-house, and how professional paper shredding can save you time and money.

3. Employees shouldn't be responsible for shredding their own information.

A common-sense approach would dictate that lower level employees should not be tasked with destroying sensitive payroll or human resource information. Do you want a disgruntled clerical employee to be able to hand your proprietary information to the competition or otherwise disclose it to the public? The better solution is to thoughtfully select a secure paper shredding service and get the job done right.

4. Routine shredding reduces your risk of a lawsuit or exposure in an audit.

Document shredding, in and of itself, provides no record of compliance. Creating a document retention and destruction policy that includes the use of a professional shredding company's scheduled routine service will demonstrate* that you are not arbitrarily choosing documents to destroy in advance of an audit or lawsuit. In the event of a privacy violation, audit or complaint, you may be asked to produce proof of destruction.

At Shred One, all customers receive an official Certificate of Destruction as proof of your commitment to compliance with a document retention and destruction policy as well as your commitment to security.

*Be sure to consult legal counsel for individualized advice.

5. Secure destruction is a requirement.

The past two decades have seen a dramatic increase in the number of privacy regulations with which businesses must comply. Since 2005, the Fair and Accurate Credit Transaction Act (or FACTA) has required all businesses that offer credit to destroy any and all personal information relating to an individual prior to disposal. HIPAA is a primary concern for anyone handling medical records. Numerous privacy regulations dictate safeguarding standards for the confidential information contained in legal documents, and The Gramm-Leach-Bliley Act (GLBA) requires financial institutions (broadly defined) to safeguard the consumer information they collect. These are just a few of the regulations requiring businesses to safeguard confidential information. In any case, a customized shredding solution provides an essential tool for compliance.

Partner with a Professional Shredding Company

Partnering with a certified, trusted professional is an important first step to ensuring the security of your business accounts and information.

Shred One has been providing professional document destruction services since 2004. We have gained an outstanding reputation for quality, dependability, and first-class customer service as one of the largest independently owned commercial shredding companies in the Delaware Valley, servicing Southeastern Pennsylvania, New Jersey and Delaware. We are AAA NAID Certified Members of the National Association for Information Destruction and adhere to its strict standard operating procedures and code of ethics.

Shred One shredding facility shredderView Our Services


Close up archival photo of a reconstructed shredded document

Is it Possible to Reconstruct Shredded Documents?

Shredded Document Reconstruction

The thought of reconstructing shredded paper invokes images of long, solitary hours spent sifting through paper shreds and painstakingly lining up all the tiny strips of letters and pictures.

If you've ever shredded a document that contains private information, the thought of someone successfully piecing it back together probably concerns you. Dumpster divers and information thieves could use your reconstructed documents to steal your identity, your money or your business secrets. Unfortunately, under the right circumstances, some shredded documents can be reconstructed. Document reconstruction requires special tools on the part of the security thief, but it also usually requires a lack of diligence on the part of the victim.

 

Image of a reconstructed shredded document seized from the US Embassy in Tehran in 1979 (Public Domain via Wikimedia Commons)
Document seized from the US Embassy in Tehran in 1979 by Iranian students (Public Domain via Wikimedia Commons)

Reassembling Shredded Documents by Hand

Reassembling the shreds of a destroyed document used to take many long and patient hours, but it was still possible.

Photo of shredded documents at the US Embassy (Public Domain via Wikimedia Commons)

One of the most famous examples of reconstructing shredded materials occurred after the 1979 Iran hostage crisis. When the last CIA officers left, Iranian students seized the US embassy in Tehran and spent years deciphering the shreds of documents left behind, including intelligence reports and operational accounts. The documents were eventually released to the public, causing damage to US national security interests for years to come. (These events were dramatized in the Oscar-winning film, Argo.)

"Shredding the evidence" was again in the public spotlight during the 2001 Enron scandal. Enron executives attempted to cover their tracks by destroying paper trails, but their documents were reconstructed by the FBI and SEC and used as evidence in the case against them. It is worth noting that the Enron case also led to the enactment of the Sarbanes-Oxley Act, which includes provisions increasing criminal penalties for destroying, altering, or fabricating records in federal investigations.

In these early days of manual reassembly, most paper shredding machines created vertical strips. If they had employed pierce and tear or cross-cut technology, the tiny remnants would have made reassembly an exponentially more difficult task.

Shredded Document Reconstruction Using Computer Software

In our age of booming technology, the risk of hacking and data breaches includes the use of (excuse the pun) cutting-edge software programs to reconstruct shredded documents. These programs use matching algorithms to intelligently piece the remains of shredded papers back together after they have been scanned. This form of artificial intelligence works with a speed that changes the process of document reconstruction from one which used to take days, weeks and even years to a high-tech enterprise which can achieve the task in a small fraction of the time.

Shredded document reconstruction technology has become even more well-known since a DARPA competition successfully encouraged programmers to develop accurate "unshredding" technology. (DARPA is an agency housed within the Pentagon that is also responsible for famous innovations like GPS, voice-recognition technology, and the Internet.) The unshredding challenge was meant to "assess potential capabilities that could be used in war zones, but might also identify vulnerabilities to sensitive information that is protected by shredding practices throughout the U.S. national security community."

While this challenge aimed to create a great tool for "the good guys," the success of the challenge (the $50,000 prize went to a team called "All Your Shreds Are Belong To U.S.") still illustrates how advanced software in the wrong hands could be used against a business which isn't sufficiently protecting their sensitive information.

How to Prevent Shredded Document Reconstruction

Even though software exists that can piece shreds back together, it can't handle everything. For one thing, smaller shreds make it harder to put the original document back together, so it's imperative to employ pierce and tear or cross-cut shredding.

It can also be nearly impossible to sort out the pieces of a single document when the shreds are mixed with hundreds or even thousands of other documents. Reconstructing paper from one source with one frame of reference is easier than sifting through pieces of paper from many sources and trying to connect them. Imagine if you had to sift through mountains of puzzle pieces from many different puzzles in order to put a jigsaw puzzle together. This is a huge advantage for those using professional shredding.

Remember, too, that all shredders are NOT created equal. Short of disposing of sensitive documents without any shredding, common strip-shredders found at office supply stores are your least secure option. You're much better off trusting a professional shredder that can turn your documents into tiny shreds that dramatically decrease your risk of an information breach.

Shredding companies should also guarantee that your documents won't turn into public confetti at the Thanksgiving Day Parade—yes, that famous Police Department "oops" actually happened just a few years ago. So be sure you know where your shreds end up after they leave your facility.

At Shred One, we shred millions of pounds of paper every month, using high-grade pierce and tear and cross-cut technology. This means your shreds are small and mixed in huge piles that would take years to sort through. As a AAA NAID Certified company, we are required to dispose of shredded paper in a responsible manner. Our shredded paper is turned into pulp—at which point it is really no longer paper; it becomes a sloppy, soupy mess—which is then recycled into other paper products. It cannot be used for animal bedding, filling cartons, or Thanksgiving confetti. We also provide a Certificate of Destruction (view PDF sample) as proof of your commitment to data security.

Partner with a Professional Shredding Company

Partnering with a certified, trusted professional is an important first step to ensuring the security of your business accounts and information.

Shred One provides document destruction services to businesses in a variety of industries in an effort to protect business and consumer information and keep businesses compliant with HIPAA, FACTA and other industry regulations.


Hard Drive Disposal Checklist: What to Do BEFORE Shredding

What Should You Do Before Hard Drive Disposal?

Information security should be top priority when a business is migrating to new laptop or desktop computers.

A company machine typically contains large caches of sensitive information, such as credit card numbers, bank account and other financial information, passwords, legal documents and more. Since this digital information needs to be protected, professional hard drive disposal plays a key role in technology transitions and should be written into official company policy. Shredding is the best way to ensure critical files are completely inaccessible to trash looters, data miners, and other thieves.

This raises an important question: What should be done with your hard drives before they are sent out for shredding?

Hard Drive Disposal Checklist

Any information that was on your hard drive will be completely inaccessible after destruction. So, it's imperative that you save, copy, or archive any data, files, programs or settings that you'll need on your new machine or storage drive.

Business files you may want to copy before hard drive disposal include:

  • Legal documents
  • Critical business data
  • Emails
  • Creative design files
  • Application licenses
  • Bookmarks
  • Browser settings

Individuals should also take care to collect these important personal items from old hard drives:

  • Family photos
  • Music, videos, and other media files
  • Saved passwords
  • Personal financial information and budget spreadsheets
  • Personal emails
  • Notes

Once important files are identified, you need to determine where the files will go. This may be on a new PC or a new external hard drive, in the cloud (in a Dropbox or Google Drive account, for example), or on a company server. Next, determine how to move them there. This may entail simply plugging a flash drive into your old computer then copying the files to the new machine, or it may be more complicated. Be sure to consult your IT service provider for assistance.

During this process, it can be very helpful to establish an archiving rule. Files that are no longer used on a regular basis or are of a certain age (possibly 3 years or so) are best stored in a separate folder/drive/DVD where they won't clutter your day-to-day folders.

Another important step is to make a list of software on the old hard drive. Make a special note of any pieces of software with paid licenses. There may be some apps that you need to deactivate and de-authorize, while others have licenses that you should transfer to the new hard drive. Some applications may be freely downloaded on the new machine, such as a free web browser like Chrome or Firefox. It can also be helpful to make a list or save a screenshot of your browser plugins, bookmark folders and other personal settings that you'll want to replicate on the next machine.

Once you've completed these steps, you're ready to dispose of your old hard drive. But what's the best way to do that?

The Best (And the Worst) Hard Drive Disposal Methods

Let's start with how NOT to dispose of your hard drive. Lay people, IT consultants, savvy business owners and imaginative TV show writers have thought of dozens of ways to destroy a hard drive. Unfortunately, these techniques either don't work, or are a nasty combination of unsafe and inefficient.

Some poor methods of hard drive disposal make for great TV show scenes and YouTube videos, but are inefficient, unsafe, and may not completely destroy your digital files. You can Google or YouTube hard drive disposal and find a variety of ill-advised destruction methods:

  • Putting the hard drive in a microwave
  • Setting it on fire
  • Submerging it in water/throwing it in a lake
  • Killing it with a super magnet (Breaking Bad style)
  • Pouring hydrochloric acid on it
  • Reformatting
  • Free data-wiping programs
  • Destroying the drive with a hammer or a drill

Data-wiping and degaussing are popular ways to clear data from a hard drive. While these are effective strategies when transferring a computer internally within an organization, they should not be seen as the final step in the hard drive disposal process. Increasingly effective technology has made it easier to recover information from drives that have been wiped or degaussed. Shredding provides an additional layer of protection to ensure that data will never be retrieved in the event that a mistake has been made in the degaussing process.

Other methods may release unsafe chemicals into the atmosphere (such as the burning, microwaving and acid wash methods), while others won't provide complete certainty that your drive is actually completely unreadable (particularly the big magnet technique—sorry, Heisenberg fans).

Unlike some of the methods listed above, destroying a drive with a hammer or a drill isn't necessarily foolish. The brute force involved can often make the drive's disk reasonably unreadable and you are not exposing yourself to toxic chemicals. However, the time, energy and liability involved (not to mention the danger of injury) in hammering a hard drive just isn't feasible for most businesses – especially if they have multiple hard drives.

The best hard drive disposal methods render the drive's platters unspinnable, and the best way to accomplish this is by using a professional shredding service.

Hard drives are completely destroyed at Shred One in our top-of-the-line AMS-150HD Hard Drive & Electronic Media shredder. This efficient and powerful machine is guaranteed to render your data irretrievable. We take the time to record, scan and verify all hard drive serial numbers, and then we present you with a Certificate of Destruction as proof of your commitment to data security.

Shred One can also destroy and recycle other electronics from your office, including smartphones, zip drives, CDs, DVDs, USB thumb drives and more. We can even recycle old computers for our customers.

Partner with a Professional Shredding Company

Partnering with a certified, trusted professional is an important first step to ensuring the security of your business accounts and information.

Shred One is a AAA NAID certified information destruction service serving businesses across the Delaware Valley, New Jersey and Delaware. We provide document and media destruction services to businesses in a variety of industries in an effort to protect business and consumer information and keep businesses compliant with HIPAA, FACTA and other industry regulations.


How Much Would a Corporate Data Breach Cost My Business?

The Cost of a Data Breach

In today's world, a data breach could happen to any business in any industry. As technology opens up new avenues for outside sources to access confidential information, medical records, and business secrets, the risk of being targeted – by data hackers, by "hacktivists," by opportunistic thieves, even by trash looters – has increased dramatically. As it turns out, the average cost of a data breach has increased dramatically, too.

If your company were to become a victim, the true cost of the data breach to your business would depend on many factors:

  • The type of information lost
  • How much was taken
  • The intentions of those responsible; and
  • The information security safeguards you have in place to mitigate losses.

What is a Data Breach?

A data breach occurs when secure information is released or transferred to someone it is not intended for. Unauthorized access to confidential information in an unsecured environment constitutes a breach, even if the access is unintended and is meant to do no harm.

A data security breach may involve sensitive information about your customers like credit card data or medical information, or corporate information such as trade secrets, contract details, intellectual property and more. These losses may be caused by external threats (hackers, criminal organizations, or even state-sponsored actors) or internal threats (such as "inside jobs" pulled off by employees, or accidental data security breaches caused by negligence or a lack of proper security policies). In either case, the cost of the data breach incident can be extremely high.

How much would a corporate data breach cost my company?

Recently, IBM sponsored the 2016 Cost of Data Breach Study: Global Analysis from Ponemon Institute report. This document summarizes findings from nearly 400 companies in 12 countries around the world, including the average cost of a data breach. Some of the data breach costs they provide include:

  • $4 million – The average total cost of a corporate data breach (up 23% since 2013)
  • $158 – The average cost per breach per stolen record (averages per industry range from $129 for transportation companies, to $172 for retail, and $355 for healthcare organizations)
  • 2.9% – Average increase in churn rate due to a data breach and resulting lost business

Remember, these numbers are averages, and the range in cost of a data breach will vary, depending on the type of industry, the type of data involved, and the circumstances surrounding the breach.

Data Breach Prevention Tips

Attentive business owners, CEOs and information technology professionals are realizing the importance of investing in data security in order to avoid the cost of a data breach. The best way to decrease data incident costs is to invest in preventative measures before a breach occurs.

The following data security best practices can help safeguard your company's sensitive information:

  • Safeguard your digital property. Encrypting sensitive digital information makes your documents harder to steal and is a great step toward comprehensive IT security. Extensive use of encryption saved companies in the IBM study an average of $13 per stolen record.
  • Protect your printed materials. A document management policy formalizes expectations of printed information security at your office. This policy covers important records (bank records, payroll records, medical records, etc.) and makes it clear when (and how) documents should be shredded.
  • Take steps to prevent visual hacking. Employee Confidentiality Agreements, restricted visitor access, and shredding sensitive documents can reduce the risk of your printed materials being seen by the wrong people. Learn more about how to prevent visual hacking.
  • Destroy old hard drives. When migrating to new machines, employees should never toss old computers in the trash. Make it easy for you and your staff to know when used hard drives should be properly destroyed with a hard drive destruction policy.
  • Create an Incident Response Plan. Despite best efforts, sometimes a data breach does occur. When it does, time is precious so take the time to create an incident response plan now. Designating an incident response team saves companies an average of $16 per stolen record, the highest impact of any preventative measures in the IBM report. This means that when 1,000 records are stolen an incident response team would save your company $16,000. Consider appointing a Chief Information Security Officer, too – an appointed CISO saved companies an average of $7 per stolen record.

Partner with a Professional Shredding Company

Partnering with a certified, trusted professional is an important first step to ensuring the security of your business accounts and information.

Shred One is a AAA NAID certified information destruction service serving businesses across the Delaware Valley, New Jersey and Delaware. We provide document and media destruction services to businesses in a variety of industries in an effort to protect business and consumer information and keep businesses compliant with HIPAA, FACTA and other industry regulations.


What is Corporate Identity Theft and How Can it Be Prevented?

Corporate Identity Theft Prevention

Corporate Identity Theft Prevention is imperative to all businesses. Just as consumers face the threat of identity theft from poorly handled information, protected health information (PHI) and other sensitive personal information, businesses are also targeted for identity theft by criminals. Just as all corporations are inclined to protect their customer data, information related to the business needs the same protection. If preventative measures are not put in place before a breach, criminals may target your business and obtain credit information and run up bills in the name of the business.

To protect themselves, businesses must understand the risks of corporate identity theft, as well as keep themselves informed on how to best prevent corporate identity theft from happening to their business.

What is Corporate Identity Theft?

While corporate identity theft is generally thought of as a security breach of consumer information, corporate identity theft is similar to consumer identity theft. Corporate identity theft is the criminal impersonation of a business to steal from that business.

Corporate identity theft usually occurs in a cyber environment. Business account information is either stolen from existing records, or criminals pose as a business to collect sensitive information from consumers or other businesses.

Who is Vulnerable to Corporate Identity Theft

Any business - regardless of size or type of business - is potentially vulnerable to corporate identity theft.

Businesses involved in lending - banks, pawn shops, auto title pawning businesses, etc. - are especially vulnerable. In addition to having access to debtor account information, criminals could also gain access to business account information: bank accounts, credit cards, etc.

Additionally, buyers and sellers of debt (collection agencies, for example) are common targets for corporate identity theft. The purchase of debt involves transactions between two or more business accounts, leaving behind records with large volumes of sensitive information. Corporate identity theft can occur by accessing these records, and criminals can potentially pose as a buyer/seller of debt to acquire sensitive business information. Consumers must be aware of, and businesses must be vigilant in guarding against schemes which involve criminals posing as a company to obtain sensitive consumer information.

How are Corporate Identities Stolen?

The most common forms of corporate identity theft occur over the internet, through the use of email, over the telephone, and through regular mail. Businesses and individuals face constant threats from criminals seeking to profit by gaining unauthorized access to sensitive information. Here are some methods through which corporate identities are stolen:

  • Website forgery is one of the methods used by criminals to steal sensitive information and gain access to a company's log-in IDs and passwords for bank accounts and other sites where business may be transacted. One way in which web site forgery occurs is when an individual is redirected to a phony site that looks like the site they are attempting to access. The phony site then elicits IDs, passwords and security questions.
  • "Phishing" is also a common technique for stealing corporate information and identities. In a typical scenario, corporate employees or individuals are targeted with emails which appear to be from a trusted source and contain infected links. Opening infected links can provide hackers with entry into a company's computer systems. Targeting high-level corporate executives with phishing schemes is known as "whaling".Phishing can also occur over the telephone. Scammers will impersonate lenders and other trusted organizations, leaving messages with call back numbers. When an individual returns the call, they may be prompted to enter account numbers, social security numbers, and other sensitive information.
  • Low-tech phishing is also conducted through regular mail and fax correspondence. Criminals, appearing to be from trusted organizations, will mail or fax requests for sensitive personal information or corporate information such as customer credit histories and employment verifications.

The bottom line is that sensitive information should never be disclosed through any medium unless you can verify the identity of the recipient of your information. Individuals should always be wary of opening links or attachments contained in emails they receive. Caution should also be exercised when opening links on seemingly trusted web sites which may redirect the user to a phony site. Sensitive information should never be disclosed over the telephone unless you are initiating the call and know exactly who you are calling. Unexpected requests for sensitive information should always be investigated. For instance, a business should never verify a customer's credit history or an employee's information without first checking with the customer or employee.

Corporate Identity Theft & the Red Flags Rule

Any business lending money is subject to the Red Flags Rule and must take all precautions to prevent identity theft. The Red Flags rule requires vigilance on the part of businesses, and is "designed to detect the warning signs - or red flags - of identity theft in their day-to-day operations."

The Red Flags Rule helps to protect consumers from the risks of identity theft, but taking the appropriate "red flags" precautions can also help businesses protect their own sensitive business information. For example, a debtor who always pays on time missing a scheduled payment, could be an indication or red flag that the payment has been directed away from your business. Businesses must develop and implement appropriate measures which are designed to detect red flags.

Learn more about the Red Flags Rule »

Corporate Identity Theft Prevention Tips

Document Shredding

Document shredding is an essential step to protecting your business against corporate identity theft. The following records, regardless of business type, should always be destroyed:

  • Bank records. Discarding and destroying paper records without shredding them could give criminals a head start to controlling your corporate bank accounts.
  • Payroll records. Unauthorized access exposes both businesses and their employees to identity theft and bank account theft.
  • Tax records. Tax records contain a large amount of sensitive information about your business, including financial records and business bank account information.
  • Corporate credit accounts. Businesses are just as vulnerable as consumers to credit card theft. Papers and documents containing account numbers, expiration dates or security codes must be destroyed.

Create a Document Management Policy

Creating a document management policy is a crucial safeguard for your sensitive business information. This formal, documented policy educates employees on the importance of document and information security, outlines policies relating to discarding and destroying documents or electronics with sensitive information, and prevents unauthorized access to sensitive information from any unauthorized individual.

Learn more about creating a document management policy »

Media & Hard Drive Destruction

Your business information isn't just stored on the paper documents around the office – it is also stored on your computers' hard drives, USB drives and other electronic media around the office. Sensitive corporate information can be found in some of the following items and should be properly destroyed prior to being discarded:

  • Hard drives (desktops, laptops, copiers, scanners, printers, fax machines, etc.)
  • USB and thumb drives
  • Cell phones
  • Optical media (CDs, DVDs, etc.)
  • Floppy disks
  • Backup tapes

For more information on items to destroy, view our Hard Drive Destruction Item Checklist.

Create a Sound Data Security Plan

Proper document management and responsible media destruction will help safeguard physical paper documents and temporarily stored data. It's important to protect your active data with an overall data security plan. A single hard drive or server can contain all of your business information, and if this becomes breached while in use, criminals could potentially have access to every business account, password and other sensitive information allowing them to impersonate your business. It is imperative that corporations and businesses develop proper security measures to prevent identity theft. In addition, a comprehensive plan of action in case of a breach should be created.

The Federal Trade Commission (FTC) has published a variety of resources for businesses of any size and in any industry to help secure their data and sensitive information.

Learn more about data security »

Partnering with a Professional

Corporate identity theft prevention isn't a small task, but it's an essential one. Partnering with a certified, trusted professional is an important first step to ensuring the security of your business accounts and information.

Shred One is a AAA NAID certified information destruction service serving businesses across the Delaware Valley, New Jersey and Delaware. We provide document and media destruction services to businesses in a variety of industries in an effort to protect business and consumer information and keep businesses compliant with HIPAA, FACTA and other industry regulations.


The Importance of Secure Information Destruction Services

Secure Information Destruction

The digital age has completely transformed the way businesses think about and store their information. Paper documents, while still a vital part of storing information, have been converted to electronic word documents and PDFs stored on hard drives or USB drives. Because of this, it's time to start thinking about information security and destruction.

Information security means protecting all of your information, regardless of format. It's estimated a single, one terabyte hard drive can contain almost 86 million pages worth of word documents. This could potentially fit all of your customers' information and your business's information into one storage device, exposing your business to significant risk.

Information destruction ensures your information remains safe, and your business is secure and compliant with legal regulations.

What is Secure Information Destruction?

Secure information destruction is a vital part of information security. Once confidential information has passed its retention period or storage items have outlived their purpose, the information and electronics holding the information need to be properly disposed of and destroyed. Information destruction destroys all documents and electronics beyond retrieval, keeping your information secure.

Secure Information Destruction vs. Secure Document Destruction

Secure document destruction only destroys your paper documents, but information destruction destroys all sensitive information. Whether information is stored on a laptop, USB drive, or CD, information destruction ensures the information is properly destroyed. Information destruction means destroying:

  • Paper documents
  • Internal hard drives (computer, scanners, and other electronics)
  • External hard drives
  • Floppy disks
  • USB drives
  • Backup tapes
  • Optical media (CDs, DVDs)
  • Smart phones and other cell phones

Although these items store enormous amounts of information, their destruction can be accomplished in a fraction of the time that it takes to destroy paper documents Destroying a single hard drive can take less than a minute; destroying documents with the same amount of information could mean destroying up to 4,600 boxes over the course of days.

Residential Information Destruction

Information security isn't just a concern for businesses - it's for individuals, too.

Residential information destruction protects individuals from major risks, including identity theft. In 2014, there were nearly 296,000 complaints of identity theft and more than 18,000 combined from Pennsylvania, New Jersey and Delaware. Identity theft is a major risk - and one that can be prevented with secure information destruction.

The Importance of Secure Information Destruction

Secure information destruction is essential for any business; it protects all confidential information - for businesses and their customers - from a potential breach. This provides peace of mind, and mitigates the risk of loss and liability.

What does a major risk look like? Think of things this way: if a single, pocket-sized USB drive is unaccounted for, millions of customers' information could be breached in a matter of seconds.

Without a secure information destruction or information security plan in place, your business is open to the risks of losing a significant amount of sensitive information in a very short amount of time.

Legal Implications of Information Destruction

Secure information destruction isn't just a moral obligation - it's a legal one. Businesses all across the country are bound by laws and regulations that require companies to protect personal identifiable information of their customers. These laws and regulations include:

  • Health Insurance Portability and Accountability Act (HIPAA)
  • Fair and Accurate Credit Transactions Act (FACTA)
  • Gramm-Leach-Bliley Act (GLBA)
  • Family Education Rights and Privacy Act (FERPA)

 

Partnering with Shred One for Information Destruction

Our selection of information destruction services ensures that we provide the best, most cost-effective services while maintaining the highest levels of customer satisfaction, security and dependability.