Most companies make special efforts to keep certain types of information secret. This information can include customer lists, financial records, employee and payroll records, product development plans, and many other types of confidential information.
Methods used to protect confidential information can include high-security file cabinets, card reader systems used to control access into sensitive areas, and encrypted fax machines used to send and receive confidential information.
Despite these precautions, the employees of many companies continue to throw sensitive information into trash or recycle bins. If you don't think this is a problem at your company, make random inspections of your outgoing trash - I guarantee you that you will be surprised!
Periodic inspections of trash bins will usually show that much confidential information is routinely disposed of in an improper manner. Documents routinely found during trash inspections usually include:
- Copies of customer invoices, packing lists, and order confirmations. This information can be used to create a list of your customers and the prices that they are paying for your products.
- Copies of purchase orders. These documents can provide information concerning the suppliers that you are using and the prices that you are paying for raw materials.
- Employee and payroll records. These documents may provide a listing of employee names and information concerning salary and benefits.
- Printed copies of e-mail correspondence. This information can be especially damaging because e-mail messages are frequently composed in a casual and sometimes careless manner. (Comments sent via e-mail have been used as damaging exhibits in many recent lawsuits.)
- Copies of marketing and product development plans.
- Financial records. While formal financial statements are usually treated confidentially, many types of "back-up" documentation, including sales reports, accounts receivable reports, and accounts payable reports are frequently found in trash bins.
It is important to understand that while the information found in your trash bin on any one day may not be significant, the cumulative information gathered over a period of time can be extremely damaging. For example, finding a copy of a few invoices in the trash wouldn't provide your competitor with a complete list of your customers, but having several months worth of your invoices probably would.
Also consider that things other than documents can contain information that may be damaging for your organization if they fall into the wrong hands. For example, many companies produce prototypes and packaging for new products that they are developing. These items can give competitors advance knowledge of your product development cycle and should be treated in the same manner as confidential documents.
What steps can be taken to prevent sensitive information from being thrown into the trash? Silva Consultants suggests the following:
- Conduct periodic inspections of your outgoing trash and recycle bins. This provides a method to accurately track just how much confidential information at your company is being improperly disposed of.
- Provide awareness training for all employees concerning the proper handling and disposal of confidential information. This must be an ongoing effort - employees will always resort to doing what is the least trouble for them.
- Provide shredders to allow for the destruction of confidential information. Shredders should be conveniently located near where confidential documents will be disposed of. If employees must travel a long distance to shred a document, they will probably throw it into the trash instead. Investing in the purchase of a few extra shredders can greatly improve the chances that sensitive documents will be shredded.
- Make sure that the shredders that you are using are suitable for the job. Shredders can cost as little as $40 - or can cost $3,000 or more. Differences between shredders include the capacity that they can handle (rated in number of sheets and/or feet per minute), size of documents (letter-sized or wide enough to handle computer printouts), duty-cycle (operate continuously or require "cool-down" period between shreds), ability to handle staples/paper clips, and size of shred. Lower security (less expensive) shredders usually provide a "straight-cut" shred. Higher-security shredders usually provide a "cross-cut" shred that makes it much much more difficult to reconstruct a shredded document.
- For best security, consider the use of a "DOD Specification" shredder. This type of shredder meets USA government specifications for destruction of confidential, secret, top secret, cryptographic and COMSEC materials. This shredder reduces even the most sensitive material into ultra-secure 1/32" x 1/2" bits.
- If you have a large volume of documents that must be shredded, you may wish to consider the use of a "document destruction" service. Providers of this service operate trucks that are equipped with high-volume shredders. On a periodic basis (usually weekly), these trucks will come to your facility and gather confidential documents for shredding. In most cases, documents will be shredded at your premises and then the waste paper will be hauled away by the document destruction service. One word of caution: the use of this service requires that containers be provided on-site to store documents for shredding. If these containers are not properly secured, they pose a real security weakness, as they are a spot where a large quantity of confidential information can be gathered with a minimum of effort. (At one location we surveyed, the client stored documents to be shredded in open cardboard boxes which were labeled "sensitive information to be shredded". Needless to say, we recommended to the client that a better method be used to store sensitive information.)
- Watch out for information thrown in "recycle bins." Many employees, in a desire to be environmentally conscious, will place confidential information into a recycle container. Recycled paper may be handled by a number of brokers before it is eventually made into new paper. Sometimes, recycled paper is sent to foreign countries for processing. Because of this, any document placed into a recycle bin should be considered as released to the public.
- Make sure that all shredded material is recycled. Let employees know that shredding material is the best way to assure that it will be recycled properly.
- Keep trash and recycle containers locked. Store containers inside of the building when possible and only bring them out at the time when a trash or recycle pickup is expected.
Like this article?
Visit our Security Tips page for more than 60 additional articles on a variety of topics related to physical security
Follow us on Twitter to be notified when new Security Tips are published
Did You Know?
Silva Consultants is an independent security consulting firm and does not sell security equipment or products
Silva Consultants can assist you in the design and planning of an effective security program and in the selection of security products and services
Please contact us for further assistance