data breach

A data breach can result in a very stressful and difficult time for any business; no organization wants to be faced with such a thing, and we don’t blame them! If affected by a breach you can wind up being at risk financially and your reputation can take a hit, which can be hard to overcome. While we are becoming more and more knowledgeable in relation to protecting ourselves from data breaches, they sadly do still occur and can take place out of nowhere with no warning.

 

Ongoing improvements to technology are without a doubt assisting in workplace efficiencies and competences, but at the same time they are unfortunately also helping hackers in their ability to locate and obtain confidential, private information.  This is becoming a regular reality, however, data breaches primarily stem from the physical loss or theft of devices and documents containing private details. If your business circulates and stores sensitive employee information or customer data, you have a legal obligation to report if and when it is known that information has been leaked.

 

Normally when data breaches take place they make major news, especially if they involve large corporations; today however, data breaches happen so frequently to companies of all sizes and industries that they don’t always get reported. In 2016, an estimated 36.6 million records were made public through some variation of breach.

 

The potential for data breach to take place at any given time isn’t all you should be worried about. Did you know that there are state laws that mandate the steps your business should take following a breach?

In the United States, each state (aside from Alabama, New Mexico & South Dakota) has strict laws in place with such requirements. What are they? Security Breach Notification Laws. The National Conference of State Legislatures has a compiled list of breach notification laws that can be viewed through their website. These laws also reveal how companies may inform victims of data breaches, as well as who is obligated to comply by them. Here are some key points in relation to breach notification laws in the US.

 

  • Breach notification laws in the US only relate to enumerated variations of data that are deemed quite confidential in nature (social security numbers, drivers’ license numbers, bank account numbers etc.).

 

  • Certain US legislations require notification for material breaches only. These are breaches that compromise the security or privacy of an individual.

 

  • The shortest time frame to inform victims of a data breach is 10 days. Failure to meet these time periods will typically result in severe penalties against the information-holding party.

 

  • Penalties for not notifying parties change slightly by state, and they may include fines or additional action against the party that fails to respond.

 

The first such law was announced in California in 2002, and came into effect in mid-2003. The laws established in most other states follow the same basic system of California’s law. The California bill can be reviewed here for more information. A list of the notification bills for alternative states can be found here.

Do your best to have document shredding services in place on a regular basis, and in turn you will do wonders in protecting yourself from the risk of a data breach. If you have secure document destruction in place, you are doing your part in staying compliant with privacy legislation.

Contact SAFESHRED for further details on our document shredding solutions. We are happy to assist you.

Call 1-800-987-4733

read more

If you own and operate a small home business, it is possible you believe implementing security measures aren’t necessary. Unfortunately this is not the case as document security must be in place for your protection.  In fact, self-employed entrepreneurs that run businesses in their homes have essentially the same legal responsibilities in regards to document security and maintaining confidentiality.

Hackers tend to target small businesses because they know that security measures are often ignored, making them an easy victim.  The 2016 State of SMB Cybersecurity by Ponemo, revealed in one report that 50% of small and medium-sized companies experienced a data breach in the preceding year. The most prevalent attacks were those that took place on the web as well as phishing/social engineering attacks.

Noting these alarming statistics, close to 40% of small business owners are still failing to practice the necessary information security procedures, failing to follow a secure policy for the disposal of sensitive documents.

Let’s take a look at how you can improve your home based business’ security:

Evaluate and Assess Potential Risks

  • Review what confidential information is handled, what your responsibility is to protect that information in relation to data protection regulations, and what the security risks might be
  • Never be afraid to inquire about or confirm security procedures of those organizations you are linked to/partnered with. These may include vendors or suppliers
  • Educate yourself on possible cyber threats, and stay current on ways in which you can stay safe from hackers

Take Advantage of Secure Document Storage

  • You should have a document management process implemented that includes retention periods and secure retrieval
  • If able, convert paper records into electronic format through professional scanning solutions. Save information to the cloud or an external hard drive
  • Always make backups of any electronic records and store them in a secure facility
  • Store sensitive records in lockable filing cabinets or drawers, always.

 

Purge Confidential Documents

  • Always make sure sensitive information is managed in association with specific compliance requirements
  • Forget thinking that you need to “Save” all of your old files; familiarize yourself with those records that require secure storage like contracts, invoices, accounting and tax papers, receipts, billing, expense forms, and client information, and have the rest professionally shred.
  • Arrange a one-time purge service for those old documents that need professional shredding. Ideally this should be carried out on a month to month basis to reduce the amount of documents laying around at home.

Always Dispose of Documents Securely

  • Securely shred all documents that you have no reason to hang on to; this needs to be done prior to recycling them for your security. Outsource secure shredding to an experienced and quality document shredding provider who will promise the protection of your documents through industry best practices.
  • A shred-all policy may be exactly what you would benefit from to reduce chance of human error or poor judgement about what files should be professional destroyed.

Partner with SAFESHRED

Find out how the team at SAFESHRED can protect your home-based business this year. Get in touch with us for a free quote or to learn more about our document shredding processes.

Call us today at 1-800-987-4733

read more

It is a common occurrence for many business employees; travelling, whether for business purposes or pleasure, comes with certain responsibilities and important considerations. You need to ensure you have everything needed while you’re away which means packing properly and organizing all of your travel essentials so that nothing is forgotten. Whatever your next travel plan involves, surely you won’t be leaving your laptop, tablet, and cell phone at home while you’re away. Traveling on the road with electronic devices is extremely common practice today, but what may be overlooked is the need to protect the sensitive data stored on these devices, by keeping your electronics secure throughout your trip.

With the Christmas season behind us, many are taking their New Year business trips, or travelling with their children for a winter vacation.  The professionals at SAFESHRED want to provide you with some valuable tips to help prevent your information and devices from landing in the wrong hands.

Let’s review some great reminders while you’re away on travels:

  • Back-up all information prior to leaving:Before you pack your bags for a weekend business trip or a weeklong getaway, make it a priority to back up any data that is currently being stored on your device(s), and copy it to any media device that is staying at home. For example, you may want to back the information up on a storage card, cloud, or computer, if these gadgets will be staying at home.  Do your best to delete or transfer any personal confidential matters, like your social security number, passwords, credit card information etc. Think about storing this data in a safer location that provided more security. There’s no reason to keep this information stored on your portable devices.

 

  • Travel lightly when possible:If it’s not an essential electronic or device that’s needed with you, it’s best to leave it behind. Only take with you items and personal belongings that are crucial for your trip.

 

  • Make sure data is encrypted:We highly encourage you to check that your portable devices are encrypted. Why? Should you use public networks on the road, the risk of other users accessing your login details or emails, increase substantially if they in the nearby areas. Encrypting your data makes it unreadable and impracticable to those that aren’t equipped with the tools needed for unlocking.

 

  • Lock all electronic devices:While an obvious security precaution, it should be stressed that you lock your computer and mobile device when it’s not being used; especially while travelling. Do this on a regular basis to help prevent and stop unauthorized persons from accessing your computer’s hard drive and private business information.

 

  • Install anti-virus software on all devices: Viruses and hacking occur all of the time; the last thing you want to deal with is a virus while you’re away. To prevent this possibility, it’s best to install anti-virus software as well as perform regular updates on your personal computers so that all information remains secure without any worries.

 

  • Use password protection on all electronics:Portable devices are very common targets for criminals because they are small and typically effortless to sell. Reduce the chances of sensitive information reaching the wrong hands, and put password protection on all devices. This should be the case for laptops, tablets, mobile phones, and more.  Improve your security by using a combination of upper and lowercase letters, numbers, as well as special characters. Forget about using easy-to-guess passwords like birthdays, pet names, or anniversaries. All phones should be secured with passcode locks and if an option, touch IDs as well. When used for business processes, devices that need corporate email or networks should have secure passwords and be managed successfully by the tools in your mobile device.

 

  • Delete any passwords saved on your devices:Login information that is saved for websites may seem suitable but these saved passwords can leave your private information at Signiant risk.  For your protection, we encourage you to get rid of this selection entirely.

 

  • Never leave devices unattended in a public location:Leaving your computer or cell phone in open view, increases the risk of having your property stolen. When able, keep all electronic devices in a covered purse, your pocket, or close to your body in general. If you misplace your phone or laptop or believe that it has been stolen, report this news right away to help ensure information isn’t compromised.

 

  • Connect to encrypted networks: if you’re using public networks for internet purposes, check that they are encrypted first and only choose websites that are “https”. It may also be wise to contact your service provider for a global data package, if you’re travelling internationally.

 

  • Find my iPhone/iPad/Mac: It is smart to enable your “Find My iPhone/iPad/Mac” feature on devices, as if something goes missing or is stolen unexpectedly, you can still locate your device.

    Call our team for more tips and details at 1-800-987-4733

read more

 

All companies are subject to certain legislation in the United States, for a variety of reasons. An important component in each of these includes the need to protect highly confidential matters; this typically refers to sensitive print and digital records. Secure document destruction is a key solution highlighted under many of these laws and failure to implement such practices can result in legal action.

SAFESHRED is highly knowledgeable in relation to the specific necessities dictated by federal and state governments to ensure you remain in compliance. We have outlined some of the many regulations to educate yourself on below, all of which incorporate document shredding and how each may relate to your particular industry.

HITECH

The Health Information Technology for Economic & Clinical Health act was established by the federal government under the American Recovery & Reinvestment act of 2009. The primary purpose behind HITECH was the introduction of the requirement for HIPAA-covered entities to inform victims if it has been determined that there was a breach of unsecured protected health information (PHI). Additionally, it goes into detail concerning the necessities that must be met in order for the breach of notification stipulation to be cleared. Organizations protected under HIPAA are also legally directed to notify HSS and the media if a breach occurs that targets more than 500 victims. Specifically, the act states that the encryption of electronic information and the physical destruction of paper PHI are the only recognized processes that could exempt you from a breach notification obligation. If you own and operate a healthcare company, you can learn more details about HITECH here, or talk to a representative of SAFESHRED in Los Angeles, for advice and direction on this topic.

GLBA

If you’re affiliated with the financial industry, it’s extremely critical that you or another employee is trained and up-to-date with the particulars of this act. The Gramm-Leach Bliley Act was put in place in 1999 with the goal of protecting sensitive consumer information held by financial institutions. This refers to any data used to get a financial product (SSN, address, name etc.), any information received from a transaction associated with your financial products or services, or any data received about an individual in relation with providing such financial products and services. You can review a guide issued by the FTC on how to stay compliant with GLBA here.

FERPA

The Family Education Rights & Privacy Act (FERPA) is a federal law that aims to secure students’ educational records. The law relates to anyone that collects funding under programs administered by the US Department of Education. To stop unauthorized disclosures of sensitive data, it is recommended that related entities use secure measures, such as document shredding to dispose of sensitive records. Failing to dispose of records properly may be recognized as an unauthorized disclosure, leaving businesses in vulnerable positions, in the hands of the federal government. For further education on FERPA, check out the Department of Education’s official portal on the act here.

Verifying that your company is up to snuff on the law is crucial to stay alive and competitive. SAFESHRED’s quality shredding services supply you with an essential step in ensuring your company doesn’t have to deal with the trouble of legal matters. Keep focusing on what you do best, and we’ll handle the rest!

Get in touch with our professional team in Los Angeles to speak to us in regards to your specific shredding needs and how we can help your company improve its security efforts. Call 1-800-987-4733

read more

It’s common for smaller companies to have fewer security processes in place due to the simple fact that they think their size will eliminate them from falling victim to information theft; sadly the opposite is quite true, and these companies can be significant targets for cyber criminals.

With that said however, it shouldn’t be the only reason you create a secure environment in your place of business; data breach can be extremely costly and unfortunately it continues to affect several businesses. Not only can the affects be overwhelming from a financial standpoint, but it can also damage your reputation significantly. Small start-up companies are actually more vulnerable to fraud and information theft because often they are still working towards building their business and customer base.

security tips

read more

document shredding

If you have looked around our website you may have seen the name NAID floating around. NAID may not mean anything to you at first, but it is an important acronym. It stands for the National Association for Information Destruction, and this group has done a lot for consumers in the document destruction sector. NAID is a standards setting body for the information destruction industry recognized at the government level. It operates all over the globe, making sure that document shredders operate within the bounds of the laws that are relevant to them and their customers. Members of the association are given the responsibility of following different legislations for customers, among other quality-assurance measures.

NAID’s certification program was put together by information security experts around the world. Members of the association seeking to obtain and hold this certification are held to many responsibilities, including undergoing random audits to ensure that all commitments to the association and customers are being maintained.

The responsibility to ensure companies have written policies that use the correct legal terms and meet existing legal standards, actually falls on to the customer. If a customer uses a shredding provider which fails to operate at existing legal standards and runs into legal trouble, the customer is responsible rather than the shredding provider. NAID Certification is important for consumers because of this. Part of the certification requires that data destruction firms have written policies which include the correct terminology, and comply with existing federal laws where relevant. This is a measure designed to protect customers.

Noting this, it is important to consider that NAID Certification, while important for consumers, is completely optional. While there are companies who operate without NAID Certification who may do fine work, there is simply no way or guarantee for the customer if something goes wrong.

 

SAFESHRED is a proud NAID Certified member.

We maintain or exceed the standards to ensure our operations meet and exceed the stringent legal responsibilities for both us and our customers in nearly all industries. SAFESHRED cooperates with other NAID members to ensure the document destruction community remains secure. All of our services and operations are designed to fall well within the scope of legal responsibilities for customers in these many sectors. To learn more about SAFESHRED and NAID, check out the Chain of Custody on our website. Our team knows what’s up!

SAFESHRED is ready to bring our wealth of shredding expertise to customers in the counties of Los Angeles, Orange County and San Bernadino, no matter what the field of business. If you are looking for a shredding service for your home documents, or need more industrial business solutions, our highly equipped team is ready to work for you.

Contact us today to get started. 1-800-987-4733

read more

legal destruction

In California most businesses are subject to federal or state legislation which forces specific day-to-day operations to occur. There are so many bills that can affect business operations that it can be hard to keep on top of them all. Your business should however, know the basics of one specific piece of legislation known as FACTA.

FACTA stands for the Fact and Accurate Transactions Act. The law was created and implemented with the goal of preventing and punishing consumer fraud and identity theft practices. The act consists of seven major titles:

  1. Identity Theft Prevention and Credit History Restoration
  2. Improvements in Use of and Consumer Access to Credit Information
  3. Enhancing the Accuracy of Consumer Report Information
  4. Limiting the Use and Sharing of Medical Information in the Financial System
  5. Financial Literacy and Education Improvement
  6. Protecting Employee Misconduct Investigations
  7. Relation to State Laws.

On June 1, 2005, the FTC (Federal Trade Commission) put into effect a new part of FACTA known as the “Disposal Rule”, which was composed to encourage businesses and individuals (including those in the Los Angeles area) to take appropriate measures to dispose of sensitive information derived from consumer reports in order to prevent identity theft and consumer fraud In summary; it requires businesses and individuals using consumer reports, to destroy them after an appropriate time period has been reached.

The FTC outlines what it classifies as proper document disposal methods. These methods include burning, pulverizing or shredding papers containing consumer report information. Electronic files must be destroyed or erased either through digital or physical destruction of the media devices, used to store the information (ex. Hard drives, USB flash drives etc.).

The Disposal Rule applies to many businesses covering many different professional areas. These include:

  • Consumer reporting companies
  • Lenders
  • Insurers
  • Employers
  • Landlords
  • Government agencies
  • Mortgage brokers
  • Automobile dealers
  • Attorneys or private investigators
  • Debt collectors
  • Individuals who obtain a credit report on prospective nannies, contractors, or tenants

Click here to learn more about FACTA.

Click here to learn more about the Disposal Rule.

SAFESHRED is proud to offer services that are compliant with guidelines set out in many federal and state-level legislations including FACTA. Our NAID membership ensures, among other things, that our operations are in spec with the most rigorous service standards and legal compliances. Your Los Angeles area business can rest assured with SAFESHRED. To learn more, contact us today at 1-800-987-4722.

read more

Over the last few years, research has determined that human error is a top cause of data breaches in workplaces across the globe.

data breach

What are some common mistakes in the workplace that result in a data breach?

Giving into a phishing scam:  This scam takes place when an employee receives an email from an unknown source who attempts to draw that individual into downloading malicious files or click a forbidden link.

Misplacing a laptop: Laptops are flooded with confidential information and studies reveal that in fact, they are the most commonly stolen electronic devices among every business and industry.

Privilege abuse: Theft of confidential data can occur if a staff member gains access to information they shouldn’t have access to. It can also take place if an employee continues to seek out unauthorized company information, even after that employee has left the organization. It’s imperative that passwords and log-in information are changed immediately upon staff leaving your business to prevent this.

Security error: In many situations, it comes down to ‘lack of knowledge’ and ‘human error’ in relation to information security. Errors that result in sending sensitive information to the wrong individual would fall under this specific category.

Passwords: Many data breaches take place because of weak, stolen, or default passwords. Always make an effort to keep passwords protected and strong to avoid this.

Improper disposal of information: This goes without saying that secure storing and disposing of sensitive information is critical in guarding information against exposure. When employees lack the proper training on information security processes, they are left making the decision as to what is and what isn’t considered confidential; this can be risky business. 

How can your business stop these errors from happening?

There are many steps you can take towards protecting yourself from data breach; document shredding is just one example and should be applied alongside a shred-all policy for the most effective approach. Regular training is vital in ensuring your employees stay up-to-date and knowledgeable in information security tips.

SAFESHRED has supplied peace of mind to companies, residents, and government by providing the most versatile, secure and thorough document shredding solutions available. Stay free of a data breach by turning to our professional services. Contact us today at 1-800-987-4733!

read more

on-site paper shredding

 

If your Los Angeles business is looking for a shredding service that is secure, reliable and considerate of your needs, then you’re already on the right website! SAFESHRED offers some of the most secure in-house shredding services in the world. But did you know there are more options that we offer which can increase your businesses security even more?

Routine document shredding is one major step your business can take to avoid identity theft, breach of confidentiality and the ensuing legal work that comes with both of these occurrences. SAFESHRED looks to take this preventative action one step further by offering mobile shredding services.

SAFESHRED operates one of the most secure fleets in the country. We keep our trucks well maintained and up-to-date to avoid breakdowns and unforeseen circumstances as much as possible. This ensures your documents get destroyed in a timely and secure manner. Our trucks are also continuously tracked with GPS technology to ensure your documents go where they are supposed to. We handle on average 184 tons of paper per day!

This option is also perfect for businesses with hectic schedules; we come to you! We are able to maintain flexibility by providing your business with secure, designated collection bins that our certified drivers and operators will collect from. We will come to your location, gather the documents to be shredded and destroy them on-site. You can even watch if you are so inclined! After destruction the resulting paper fibers are transported in a highly secured truck to a designated paper mill where they are recycled. A Certificate of Destruction is handed to you upon the completion of the process.

If you’re still questioning the real benefit of using a mobile service in comparison to an in-house service, here are some reasons why we offer the option to our clients.

  • Typical in-house document shredders aren’t capable of destroying documents to the irreversible state that our trucks can. More industrial machines can get closer, but the costs involved in operating and maintaining these machines usually isn’t justifiable to most businesses.
  • SAFESHRED operates at a significantly higher pace than any in-house shredder can. Your 1-hour of in-house shredding could equal 1 minute for our trucks!
  • Our mobile services continue to meet or exceed NAID regulations, as well as federal legislative requirements.

Let’s summarize what you can gain from mobile shredding services; we come to you, collect documents, destroy them on-site, and take the resulting fibers to a paper mill for recycling purposes. The process is timely and your business doesn’t have to make dedicated trips to destroy documents. Our trucks can shred thousands of documents in just minutes. Our trucks are highly secured and only transport fibres; no document is left in-tact before we depart your workplace. Our drivers are certified and will provide a Certification of Destruction on-site, following the shredding process. Lastly, our staff will take care of everything when they arrive on the site, allowing you to focus on running your operations.

If on-site services sound right for your business, contact us today to discuss your unique destruction needs, and together we can discuss the options and provide the best solution for you and your business. Click here to see our coverage area.

read more
Live chat by BoldChat