What Small Businesses Should Shred –– And What They Shouldn’t
Although data security nowadays typically means protecting digital information against theft or breach, that’s not always the case. Oddly enough, printed documents pose a serious cybersecurity threat to businesses of all sizes primarily because they don’t normally think about information on paper while beefing up enterprise data security.
Here are just a few frightening facts pulled from a recent Ponemon Institute study:
• How many businesses have no policies in place for safely disposing secure documents? One-third.
• How many businesses admit to losing sensitive or confidential documents? 7 companies out of 10.
• How often are employees the reason for losing these important documents? 5 times out of 10.
As a small business owner, you need to know that tossing documents in the recycling bin does not guarantee their security. In fact, it could put your company at risk, unless those documents are completely and totally destroyed.
Professional shredding services at your local Staples can give you peace of mind when it comes to paper document disposal. So what should get shredded and what should stay behind lock and key?
What to keep and never shred
Some important documents will be forever spared from the hungry maw of the shredder:
· All paperwork involving capital stocks
· Both certified and periodic financial statements
· Pension records
· Copyrights or trademarks
Quick tip: Make sure you keep all your documents safely organized in a locked filing cabinet away from prying eyes.
What to keep for a while and then shred
As more and more businesses digitize, fewer bits of information reach the printed page. However, for administrative or legal reasons, small businesses may have to hang onto hard copies of printed documents for a duration of time required by a regulatory body before it’s safe to destroy them. These include:
• Tax documents: Wait at least three to six years, depending on tax status
• Employee onboarding information like W-4s or I-9s: Wait at least four years after termination
• Healthcare information: Varies according to law, but usually wait around six years
• Past client contracts: Wait at least six years after termination
• Employee contracts: Wait at least seven years after termination
Small business owners should consult with a legal advisor before shredding documents like these to ensure they stay compliant.
While the instinct to save these important documents isn’t one you should fight unnecessarily, timely disposals reduce the risks to current data security efforts by minimizing the amount of physical files small businesses are accountable for.
What to shred immediately
Pretty much everything else. Anything containing identifiable information about past customers or employees, anything disclosing insider information you don’t want made public, and anything that might be used to undermine current data security efforts –– all of it goes into the shredder.
As simple as this last rule seems, small businesses could still run into trouble if they neglect to brief staff on the importance of data security and best practices for saving documents for shredding. For instance, if forgetful employees jot down their username and password for a secure office network on a sticky note, that could cause a major data breach if not properly disposed.
Now, that might not seem like a big deal, after all when was the last time a sticky note caused the collapse of a business? But it’s one loose end out of many cybercriminals could exploit if they dig through your trash.
So, before you absentmindedly chuck an invoice, bill or any kind of office paperwork in the bin, ask yourself: Will this file come back to haunt me later if I don’t shred it now?