A five-step shredding crash course for employees
In many businesses, most employees have no idea about the security risks in every stack of papers that crosses their desks. A company-wide document shredding policy is your first line of defense against data breaches. To create a more “shred-aware” workplace, start with our five-step crash course.
1. Make your shredding policies a key aspect of new-hire orientation/training.
Everyone needs to understand his/her role in reducing information security risk. Drive the point home with real facts: “If identity theft results because we don’t follow our shred policies, we could be on the hook for thousands of dollars or more.” (In the case of HIPAA violations, jail time can result, too.) Take our quiz to see how well you’re in control of your files.
2. Advertise your shred policy heavily.
Hang posters around the office, print tent cards for the break room, and mention it in every employee newsletter. Even integrate a prominent, standard footer into all company emails: “If you print this email, please shred it.” In short: Always keep shredding at the forefront. Know the Pros for a Shred Everything Policy.
3. Replace paper recycling bins with shred bins.
It’s hard to miss the message they send: “Shredding is the new recycling.” If you engage with a professional shredding vendor, they will typically provide locking shred bins so that files can’t fall into the wrong hands en route from desk to shredder. (Remember: Corodata recycles all the paper we shred—your environmentally conscious workers will appreciate that!)
4. Equip every associate in your HR and Finance departments with a private, under-the-desk shred bin.
Nowhere else in your company is the need for maximum information security greater. A locking private mini-console is a safe and secure alternative to your personal shredder. About the size of a bankers box, this locking unit quietly protects your data, saving time and cutting out noise.
5. Promote this rule of thumb: “Shred any document containing sensitive information.”
Of course, you must make clear what “sensitive information” means.
First and foremost, there’s personal information:
- Addresses (including email)
- Any identification numbers, such as Social Security, passport, driver’s license, or credit card number
- Telephone numbers
- Personal or physical characteristics, including photos
- Any information related to personal property, such as car registration or title number
Then there’s sensitive business information:
- Copies of invoices, packing lists, purchase orders, etc.
- Employee and payroll records
- Email printouts
- Copies of marketing and product development plans
- Financial records
This crash course has no final exam.
Shred awareness isn’t a “set-it-and-forget-it” thing. You need to constantly monitor your employees’ adherence to your shred policy (even checking trash cans for sensitive documents). And when executives and managers follow shredding policies day after day, they’ll set a positive example that others will follow.
For many companies, outsourcing their shredding to a trusted vendor like Corodata is a highly cost-conscious way to efficiently handle their shredding volume, keep their companies running efficiently, and manage their risks.
Next: You may not be subject to HIPAA, but you can learn a lot from it. Learn about three HIPAA takeaways for any business ».
Do you know what you are supposed to be shredding?
As your company grows and industry regulations change, shredding protocols have also adapted. How knowledgeable are your employees about these practices?