The Shred Easy Blog

Archive for the ‘News’ Category

Security experts are warning that the upcoming November tube strikes could result in widespread corporate confidential information and confidential data loss, as workers transport confidential information in chaotic conditions.

Fresh talks were scheduled to avoid a third London-wide tube strike, which would cause commuters to arrive late, leave early and work whilst on public transport.

Many workers will choose to access their company systems remotely via their laptops, BlackBerrys, iPads and USB sticks. This means that staff will be carrying around vast amounts of confidential information.

Jim Watson, managing director of Shred Easy, the UK’s leading shredding services and confidential document destruction companies said:

“Workers must be aware of transporting devices containing secure information around the city. I urge all businesses to brief their employees and offer training about how to deal with secure confidential data. My advice is to back up any secure data and keep a watchful eye on gadgets at all times.

“For far too long we’ve witnessed major breaches of secure confidential information security, the leaking of confidential information and the embarrassment of various organisations. If you are in a position of handling, transporting and the secure disposal of confidential data, it is up to you to protect that confidentiality.”

London Underground and union leaders from RMT and TSSA are due to sit down with conciliation service ACAS this week to try and reach a compromise agreement to avoid strikes.

The threat of a £500,000 fine from the ICO is preying on everyone’s minds. And unfortunately, there are some ruthless shredding services companies out there jumping on the bandwagon by offering what they claim to be a secure document destruction solution…

But before agreeing to what, on the surface may seem a good deal, dig a little deeper and consider the following;

1.            Is the shredding company accredited?

Check if the shredding company you’re considering is registered with the British Security Industry Association (BSIA), the United Kingdom Secure Shredding Association (UKSSA) and the National Association of Information Destruction (NAID). As an accredited member, companies offering shredding services are required to adhere to stringent standards including EN15713. This ensures the security of all aspects of their business; from their premises, vehicles and employees through to the size the materials are shredded to.

2.            Will you be provided with evidence of document destruction?

Following document destruction, you should be issued with a certificate of destruction detailing the type of material destroyed, the amount destroyed and the date it was destroyed on. Each document destruction certificate should also contain a unique reference number which means you are provided with a complete audit trail of the shredding service.

3.            Are their employees security checked?

Due to the secure nature of the role, it’s important to ensure the personnel handling your confidential information are security cleared. Check if they are cleared to EN15713 standard “Security Screening of Personnel Employed in a Security Environment”and if they have completed Criminal Records Bureau disclosures or Disclosure Scotland.

4.            Do they offer an on-site shredding service?

Using an on-site document destruction company guarantees the security of your documents – your confidential, sensitive material is destroyed on site and in your view.

If an off-site service suits you better, make sure the material collected is destroyed within 24 hours. Also, ensure the transportation of the material is “trackable” and the document destruction and recycling facility itself is fully secure.

5.            Does the shredding company provide secure storage containers?

Are these containers secure and lockable? Are they high quality and do they look good? Will they help you decide how many you need and will they fit in with the rest of your office furniture?

6.            Can they provide a national and flexible service?

Is the mobile shredding company regularly in your area? Do they have a base in the area? Check to ensure that alongside a regular scheduled shredding service, they have the flexibility and capacity to accommodate ad hoc collections and large “clutter clearouts”.

7.            How environmentally friendly are they?

Review their green credentials. Check if they have ISO14001 status. What happens to your materials once they’re destroyed – are they recycled? Do they operate a tree planting scheme? Do they operate green routes as well as using lighter, quieter vehicles to further reduce their carbon footprint?

8.            Will they securely destroy other media?

Its not just paper that contains sensitive and confidential information. Hard drives, memory sticks, CDs/DVDs and laptops can all still store confidential files even after deletion and should be completely destroyed.

9.            What insurances do they have?

Make sure the shredding company you decide to use is properly covered. Check they have up to date employers’ liability, public liability and product liability. Professional indemnity insurance is also a bonus.

10.          How do they manage their processes?

ISO9001 is the internationally recognised standard for quality management and by working with an ISO9001 registered shredding company you can be assured quality and customer focus is at the forefront of what they do.

SECURITY experts are warning all organisations to beware of unregulated one man bands entering the data destruction sector and urge all businesses to use British Security Industry Association (BSIA) fully accredited shredding companies.

As ID fraud and security move higher up the news agenda a plethora of shredding companies have entered the confidential data destruction market to capitalise on this. This coupled with the news that businesses of all sizes are trying to reduce costs, means a host of companies could be looking to employ cheaper off site shredding companies to destroy public confidential information.

Recent data security breaches include last week’s news that police were investigating the contents of a computer memory stick said to contain sensitive anti-terror material which was reportedly found in the street outside a police station in Stalybridge, Greater Manchester. Furthermore Zurich Insurance was recently fined £2.3m by the Financial Services Authority (FSA) for losing personal details of 46,000 customers.

Jim Watson, managing director of Shred Easy, one of the UK’s largest confidential data destruction companies, said:

“These non regulated one man bands may offer a cheaper shredding service at the outset but do you know how secure your data is? Ask your data destruction company to provide you with an on site shredding service so you can see your waste being destroyed. Also demand a Certificate of Destruction which confirms the time and date of the destruction. When you’re dealing with highly sensitive information like medical records, addresses and bank details it’s imperative they are securely destroyed.

“I’m calling for greater recognition of accreditation in the security sector. Look out for shredding companies who have BSIA / UKSSA / NAID certification. This ensures a high quality and reliable data destruction service that’s delivered by fully qualified shredding businesses guaranteeing peace of mind.”

Daren Wood, northern regional general manager at the BSIA, said:

“We would advise any businesses dealing with confidential data to choose a trusted information destruction supplier who will dispose of it correctly and in accordance with current laws. The BSIA is a great place to start when sourcing a reputable shredding service supplier, as all of our members meet strict criteria and adhere to high standards of quality.”

Key questions to ask a data destruction company before employing them:

- How does the company recycle the data?

- Can you see the data being destroyed in front of you?

- What proven quality and Security Association membership does the shredding provider have?

- Who is handling your data? What checks have been carried on the operatives?

- Can the company provide client references?

Legal and security experts are warning fraud victims to be alert for criminals claiming to be able to recover lost money.

People who have been cheated out of their savings are being approached by legal recovery companies promising to recover their money for a fee.

However, all too often the company is a front for the original fraudsters or another criminal who has been sold the victim’s details.

The Association of Chief Police Officers’ Working Group on Fraud discussed the crime and alerted forces to be aware of the threat.

Daniel Berke, head of fraud at law firm Lewis Hymanson Small, said;

“These are clever fraudsters, targeting innocent victims and conning them out of their last savings. Be wary of any firms that contact you directly claiming to be able to help, especially if they’re getting in touch before you have even contacted the police or your own legal expert.”

Jim Watson, managing director of Shred Easy, one of the UK’s largest confidential data destruction companies, said;

“You should avoid any company asking for cash to recover stolen monies. In order to stop fraudsters from getting hold of confidential information in the first place, you must always securely destroy confidential data such as bank statements, receipts and credit cards. Plus I would check the security of gadgets such as your computer/laptop, BlackBerry/iPhone and memory sticks. Try and make sure you create a password so only you have access to your private data.”

Official figures from the National Fraud Authority, which was set up in 2008, show that fraud costs the economy more than £30 billion a year.

Fakes flooding Olympic markets

With just over 600 days to go until the starter gun fires for the start of the London 2012 Olympics the black market has seen an upsurge in fake souvenirs.

The 2012 Olympics will see athletes from around the world competing in 26 sports as diverse as badminton, canoeing and horse jumping from 20 July – 19 August.

Recently, Trading Standards officers confiscated 1,300 fake t-shirts and baseball caps with the 2012 logo and the Olympic rings printed on. Olympic organisers say that sales of official merchandise contribute to the £2bn cost of staging the event.

As technology evolves the increase in forged goods means spotting a fake is harder. Experts say counterfeit items must be shredded securely to stop them getting onto the black market, which contributes to wider criminal activity and presents consumers with poor quality items.

Jim Watson, managing director of Shred Easy, the UK’s leading counterfeit confidential destruction company, said:

“Sports fans should know how to spot fakes online and in the street. Look out for faded Olympic logos, cheap material, badly stitched labels, the age of the item and where it was made.

“These items must be securely shredded by accredited shredding companies, like Shred Easy, to protect the official Olympic trade mark.

“If you have bought a fake item under the impression it’s an original, you have legal rights against the seller and should contact Trading Standards immediately. Your statutory rights may allow you to claim for false advertising.”

In November 2009, the Information Commissioners Office (ICO) revealed that a large number of T-Mobile customer data had been stolen and sold to a third party company by an employee of the company. The revelation came as a result of a campaign by the ICO to introduce tougher punishment for data thieves.

T-Mobile, a part of Deutsche Telekom AG, confessed that the details had been sold and stated that they were working with the ICO to not only find the culprit but to wipe out a common problem for all mobile phone companies.
Rival companies had bought and used the information to call customers that were nearing the end of their current contract and would offer them a new one with a new network.

Now, 9 months on, former T-Mobile employee David Turley will be prosecuted after confessing to the crime. Turley admitted to selling the data at Chester Crown Court in July and faces 18 charges under Section 55 of the Data Protection Act.

These charges come on the tail of increased penalties for Data Theft. Before April this year, the maximum penalty for data theft in the UK was a fine of £5000. Now, new legislation has now enabled the ICO to charge companies fines of up to £500,000.

A second former employee, Darren Hames, will submit his plea regarding his role in the theft later this year.
Many companies are already taking precautions to deal with the ‘Insider Threat’ regarding Data Loss Prevention and are adding such tools and technologies such as cryptography and Secure Erasure to ensure that data is accessed only by those with authorisation and destroyed when no longer required.

Anusree Saha, Channel Marketing Manager of Data Destruction company, Shred Easy Ltd explains that, “the fact that the employees have now been charged and the introduction of new powers for the ICO, in April, shows that data theft is an increasing problem that requires harsher penalties.”

“Confidential information is constantly made accessible to would-be thieves and it is encouraging to see the increased severity of the punishments.”

The whole subject of Data Privacy has grown over recent years and has even seen the establishment of an International Association of Privacy Professional (IAPP) with membership spanning the globe.

COURTESY OF DIGITAL FORENSICS MAGAZINE: http://digitalforensicsmagazine.com/

Securely shredding confidential data is the best way for businesses to stay safe from identity fraud, according to experts.

A recent survey by the Association of Chief Police Officers revealed that £20 billion is lost through weaknesses exploited in information and data security. Companies House says between 50 and 100 cases of corporate identity fraud occur every month.

In light of these findings, Shred Easy, one of the UK’s biggest confidential data destruction companies, is urging businesses to step up their data security.

Jim Watson, managing director of Shred Easy, said:

“Businesses are risking millions by having no confidential data policy in place. Fraud against businesses is rising and will continue to do so during and after the recession.

Companies which protect themselves now will weather the storm of this increase in fraud.

“Creating or updating a confidential data policy must be a priority for businesses. It’s not just confidential paper documents that need to be securely shredded but computer hardware such as disk drives and data sticks.”

“With little knowledge or effort, a fraudster can change the registered office of the business, trading address and even names of directors. Companies with a good trading record are then vulnerable if orders for expensive goods are placed and not paid for.”

Shred Easy has produced ten top tips to help prevent business fraud:

1) Create a confidential data policy – if you don’t have one already you are already in the high risk category for being a victim of data theft.

2) Store data safely – don’t assume that bagging it up is the end of the matter. Criminals have rich pickings outside business premises where confidential data has been poorly disposed.

3) Destroy data properly – shred all confidential data and arrange for a professional shredding company to help store, collect and securely destroy confidential information.

4) Check identities – use credit reference agencies to verify the identity of business customers, suppliers and clients.

5) Secure your accounts – don’t allow details of your business banking to escape into the public domain. Thieves are well adept at impersonating signatures.

6) Inform staff – train staff on how to deal with confidential data properly and monitor their behaviour. Most business fraud is committed by people within the business.

7) Keep post safe – theft of post is a major issue for businesses. Scammers may try to redirect your mail without your knowledge.
Restrict key documents – don’t allow staff to have full access to all your company documents. This applies to paper and digital data.

9) Use anti virus software – businesses still get fleeced by online scammers. Installing credible anti-virus software is necessary to combat this threat.

10) Beware of carrying large amounts of confidential data on laptops, data sticks or mobile devices such as BlackBerrys and iPhones. These small portable gadgets are magnets for thieves who can exploit your confidential information.

Desperate job seekers are being targeted by employment scammers, say security and legal experts.

Last month saw the number of people placed in permanent jobs fall to the lowest levels since the start of the year. Similarly, the Government’s emergency budget, aimed at cutting the deficit, will soon result in the loss of approximately 600,000 public sector jobs.

Legal experts say criminals are preying on a growing number of people who have lost their jobs. The most popular fraudulent scheme at the moment is mystery shopper positions.

Neeta Laing, head of employment law at Lewis Hymanson Small, said;

“Criminal fraudsters are taking advantage of the difficult employment situation. Job hunters have recently been targeted by fake adverts in local papers. Scammers advertise in local papers, asking workers to provide personal details and pay to become a member. The moment there is any mention of money upfront, alarm bells should ring.

“To check if an advert is authentic, look out for a registered website, Google the business, examine registered trademarks, call up the business to get more information and see if its legitimate.

Neeta continues;

“These opportunists are committing fraud. Many of these false companies are fronts for criminality, often involved in money laundering or identity theft and aimed at stealing money from bank accounts.”

Jim Watson, managing director of Shred Easy and a security expert, said;

“By registering for these false adverts you will be unwittingly giving criminals your bank account details, date of birth and email address. That means a canny criminal could get a passport in your name, open a bank account, take out loans and use your address. Its paramount to check out the authenticity of these adverts in local papers.”

Jim’s five top tips to spot a scam:

1) Use a search engine to research the company and look for reported scams

2) Beware of job adverts that ask to pay money

3) Never give your bank account details before securing a job

4) Be wary of spelling mistakes, grammatical errors and generic email addresses in ads.

5) Make sure the company has a registered office rather than just a PO box number

www.shredeasy.com

www.lhs-solicitors.com

Following this week’s Emergency Budget, by the new Chancellor, George Osbourne, here’s what our Financial Controller, Ged Taylor, has to say about the potential affects on SMEs.

Employment

Raising the threshold that companies start paying national insurance by £21 per week together with scrapping the previous Government’s planned increase in N.I. contributions, makes it easier for SMEs to employ more staff.

The cut in Corporation Tax by 1% for each of the next four years, taking the rate from 28% down to 24% will enable companies such as Shred Easy to re-invest more in growing the business and creating employment opportunities.

Fuel Duty

The high price of fuel is a major concern for many SMEs including ourselves. We welcome the fact that there are no further increases in fuel duty planned, although the increase in VAT in January 2011 will have an effect. It is hoped that this budget will signal a serious attempt to reduce the country’s deficit and lead to a strengthening of the Sterling against the U.S. dollar, which would push the price of fuel downwards.

Value Added Tax

It was inevitable that there had to be a major tax increase somewhere. The increase in VAT to 20% from January 2011 brings us in to line with our European neighbours. By increasing taxation on spending rather than earnings, this does not have a negative effect on encouraging people to work and generate wealth.

The fact that the increase comes after Christmas should ensure that the impact on the economic recovery is mitigated.

Whilst the increase may have some effect on our trading we recognise this as a necessary evil that will go some way towards reducing the massive deficit.

Tackling the deficit

Hopefully the public sector spending cuts that have been announced together with welfare benefit cuts, the levy on the banks and the VAT increase will give the international community confidence in our country. We would not wish to go the way of Greece and Spain with reduced credit ratings, forced cuts and subsequent higher borrowing costs.

As the UKs leading confidential document and data destruction company, we have boosted our team by employing a new compliance manager.

Nigel Boothby, 44, who has 23 years experience of maintaining security procedures, health and safety, operational procedures and quality systems, has been employed as head of compliance to maintain our rigorous professional and customer service standards.

Working with our existing environmental and quality management teams, he will also ensure a consistent and co-ordinated approach to maintaining our international ISO9001 and ISO 14001 accreditations.

We are at the forefront of the security sector and we are fully compliant with all professional, quality and environmental management systems, as well as health and safety and security regulations. By having Nigel in place ensures the highest levels of compliance going forward.

Jim Watson, managing director of Shred Easy, said:

“Nigel’s job is to ensure consistency and maximise security for clients. This demonstrates our commitment to providing the most secure solution in operation by consistently adhering to all security, quality and environmental standards for customers. Shred Easy are the only company operating in the secure destruction business that has set up this compliance role to ensure our customers benefit from the most secure and compliant service available. Our accreditations have all been achieved after completing intensive assessments relating to everything from the security of our facilities to the cutting width of the paper we shred.

“This issue has become increasingly important as the Information Commissioner’s Office (ICO) has increased penalties for businesses failing to destroy confidential data to £500,000. So it’s now more important than ever to be compliant.”

We are members of the the British Security Industry Association (BSIA), the UK Security Shredding Association (UKSSA), the European National Association for Information Destruction (NAID), and has UKAS accredited ISO 9001 and 14001 registrations.