If you have a sizable contract with a shredding company, keep reading.
The Shred Bin Security Conundrum
Your organization realizes they need help getting rid of their wastepaper. Some of it can be recycled. Easy. There are plenty of recycling companies around. Some of it, however, contains sensitive information that must be destroyed.
So, you contact your local "I-Rip-A-Part" shredding company.
You are offered your choice of two shred bin styles, if you are lucky. The elegant particle board beige box, or the converted garbage can.
Both scream security joke. But hey, they only gave you two choices. So, you take what "I-Rip-A-Part" gives you. After all, it's their business. They know best.
Your employees may not laugh out loud, but they get the message. Management either doesn't know much about shred bin security, or they only care enough to make it look like they are doing their due diligence. The result...
Pretty soon these start popping up.
Who's laughing now?
Just the office snoops, competitive intelligence professionals, activists, news media, hackers, etc.
Let me provide some background before providing a workable solution. The crummy shred bin issue is a problem for most U.S. based organizations.
The problem has two roots:
- A lack of understanding about information security on the part of the confidential information custodians.
- Shredding companies preying on this ignorance to maximize their profits. (Number one allows number two.)
Attacks include: unscrewing the cabinet, picking the cheap lock, sticking a $8.00 flexible grabber through the slot, bending the plastic lid back, or pulling the inner liner bag through the slot... more
