WHERE DID WE GO WRONG?
If you’re like many other businesses that have experienced a data breach this is mostly likely the first question that you’ll ask yourself.
And the second will be “did our document security take a back seat to the security of our digital data”?
If you’ve experienced a data breach from document theft then the answer invariably will be yes, so isn’t it time that government agencies and businesses pay closer attention to how their document security is handled?
HERE WE GO AGAIN!
On Wednesday 26/6/19 we learnt of yet another case of a third-party contractor failing to properly secure documents for destruction at the Royal Brisbane and Woman’s Hospital (RBWH) where instead of the documents being securely destroyed they were found by a staff member on the corner of a busy street not far from the hospital.
This comes after government documents were found in the street in Darwin in April 2019 revealing a potential a $1m cost blow out.
In recent times some government agencies and a vast majority of medium and large businesses have relied upon the services of third-party contractors to handle their document security and destruction. It can only be assumed the reason for this is that customers are reassured that these third party contractors provide a service which is designed to protect theirs and their customers, clients and patients information by providing a secure service, and that it is simple and easy for the business, however what businesses must ask themselves is how secure is the practice of using a document destruction service when the document destruction industry is largely self-regulated and the following regularly occurs.
- Bins are filled and waiting to be picked up so documents are piled on top because there’s nowhere else for them to go, a practice which occurs in some of the largest businesses on the planet.
- Bins filled to the point of overflowing, so the locks have been undone or broken and the lids have been opened so they can fit more in, not what we’d call an overly secure practice.
- Bins left in areas that are easily accessible to anyone from the public. Sometimes with locks that are broken or undone. Yes, we’ve seen this all too often
- Filled bins left beside a truck while the operator goes to fetch the next bins or the doors on a truck left wide open with filled bins inside and not an operator in sight.
- Paper loaded from secure bins directly into shipping containers and sent overseas for recycling without being destroyed.
THE NUMBERS DON’T LIE
This is made all the more concerning when you take a look at the recently released Notifiable Data Breaches Scheme 12 month insights report from the Office of The Australian Information Commissioner (OAIC) that attributes 35% of all data breaches to human error with 55% of all Health Sector data breaches due to human error and 41% of all Finance sector breaches also due to human error. And alarmingly 186 data breaches (32%) were attributed to a malicious or criminal attack and were the result of theft of paperwork or a data storage device, social engineering or impersonation, or an act of a rogue employee or insider threat.
HOW WELL DO YOU REALLY KNOW THEM!
Now ask yourself how much can you trust those people that work for the third-party contractors? Because as much as the third-party contractor might have your best interests at heart the same may not be said for an irresponsible, lazy or disgruntled employee or someone looking to make a little extra on the side from selling your secure information.
YOUR DOCUMENTS ARE A VALUABLE RESUORCE
Another point to keep in mind is that office paper is a valuable resource and a resource that has a greater value as a recyclable material the less it is destroyed, so although your documents are picked up and taken away for shredding and a certificate provided these documents are destroyed to the bare minimum requirement to provide maximum profit for the destruction companies.
BUT WHAT ABOUT YOUR DIGITAL DATA STORAGE DEVICES?
Well it just so happens that those same third party contractors that are nice enough to look after your document security will also look after the destruction of your digital data storage devices however as the Commonwealth Bank found out in 2016 this isn’t such a good idea with two magnetic tapes containing back up data on almost 20 million customers being lost, by you guessed it, a third party contractor!
THE TIME TO ACT IS NOW!
Don’t leave your privacy in someone else’s hands, to find out how simple it can be to secure yours and your customers, client and patients privacy get in touch with us at 02 8893 9493