Shred-it Exposes Dangers of Overlooking Physical Data Security

SINGAPORE - Media OutReach - Jul 4, 2016 - While Singapore officials have announced plans to make the country a leader in data and cyber security with new Personal Data Protection Act (PDPA) laws in place, a new white paper issued by Shred-it reveals that purely focusing on digital security creates alarming gaps in most business's data protection strategies. While the recent first round of enforcement of the PDPA centred on IT related breaches, the white paper has been released at a critical time where data protection strategies are paramount to a business's survival. The document details some of the often overlooked ways by which these data leaks occur, and suggests some strategies to plug these leaks.

Organizations Face Major Losses from Both Physical & Digital Data Leaks

Shred-it's white paper reveals an alarming statistic -- the typical organization loses 5% of its revenues to fraud each year[1] . For any business, especially smaller ones, that level of consistent revenue loss puts the profitability of the company at unnecessary risk. Data leaks can result in potentially huge losses, as over 20% of fraud cases involve losses equivalent to at least S$1.37 million[2] . With the Personal Data Protection Act (PDPA) receiving 3,700 complaints since coming into full effect in July 2014[3] , businesses are finding themselves in an economy where data leaks can be highly detrimental to both their reputation and their bottom line. The scope of the issue is clearly of concern, with further research indicating that card fraud (an issue closely associated with identity theft) affected 28% of the population in Singapore over the previous five years[4] .

While several companies have taken a cue from the digital landscape and focused their protection measures on cybersecurity, Shred-it's white paper makes it clear why the impact of physical data losses on a business's overall data security is large enough to warrant more attention. For instance, stolen mobile phones can leave any confidential information contained within at risk of unauthorised access and potentially public exposure.

The white paper also reveals other seemingly innocuous physical methods by which confidential data can find its way into unauthorized hands, such as by tossing important documents into recycling bins or leaving papers at accessible locations like in office printers or on messy office desks.


Insider Threats on the Rise -- Accidental Breaches & "Social Hacking"

While the recent focus of data security strategies has been concentrated on securing digital platforms to deter hackers, this still leaves many companies vulnerable to data breaches because it ignores the fact most fraud incidents reported (58%) are perpetrated by employees[5] . As such, digital data security protection from external threats remains ineffective in many data leak cases. While some of these insider data leaks may have been malicious, many were cases of accidental breaches (for example, a cleaning lady selling office paper unknowingly containing confidential information to third parties for recycling). The advent of phishing scams in recent times also points at a trend of "social hacking", whereby hackers take advantage of employees' gullibility to gain knowledge of and access to secure company environments instead of directly hacking a company's data system.

A Holistic Secure Environment for Full Data Security

Although cybersecurity is undoubtedly essential, Shred-it's white paper reveals the urgent need for businesses to adopt a more well-rounded approach to data protection to effectively guard themselves from potential breaches. "We believe every business would do well to take a holistic approach to data security, which involves taking into account physical security, digital security and human behaviour," says Duncan Brown, General Manager of Shred-it Singapore. "Companies need to focus on methods to protect both physical and digital security, while at the same time putting processes in place to ensure employees are not susceptible to accidental breaches or phishing scams while still being able to carry out their duties without too much red tape."

This three-pronged approach involves implementing office procedures such as a "Shred-it All Policy", whereby employees need to shred all confidential documents instead of dumping them into the recycling bin or leaving them out on their desks. This ensures that while a company's digital data remains protected, confidential data in physical form is also destroyed before finding its way into the hands of third party waste or recycling companies.

To download a complimentary copy of Shred-it's white paper, "Identity Theft -- What the Future Holds", please click on this link . For more information on Shred-it and how its products and services help businesses protect their data, please visit .

Company Logo

About Shred-it

Shred-it is a world-leading information security company providing information destruction services that ensure the security and integrity of our clients' private information. A wholly, owned subsidiary of the US based business to business services company Stericycle, Shred-it operates in 170 markets throughout 18 countries worldwide, servicing more than 400,000 global, national and local businesses. For more information, please visit .

Duncan Brown, General Manager, Shred-it Singapore

As the General Manager of Shred-it in Singapore, Duncan's top priority is to advise and consult with companies on the urgency of safeguarding all their confidential data in a physical format especially when safe disposal is required. Throughout his years of experience in the data security industry, Duncan has realized that while many business owners understand the value and best practice of protecting online data, the same level of awareness does not always translate to physical copies of this confidential information.  As companies begin to crack down on data security issues, Duncan Brown is on a mission to ensure that companies do not overlook the importance of protecting their physical data in line with often more defined cybersecurity measures.

A graduate from the University of Nottingham in 2000 with a Bachelor of Arts in History and a Masters in International Relations, Duncan has worked tirelessly to instill himself with a broad global perspective. This undying passion coupled with his innate competitive nature has made him a tireless advocate for a holistic approach to data security.

In Duncan's experience, although businesses do make use of several measures to dispose of physical data (e.g. shredders, recycling bins), almost none of them account for the fact that middlemen such as cleaners for example could have an opportunity to sell discarded paper to third parties. Duncan and his team at Shred-it are resolute in their goal to protect companies from such data breaches with their comprehensive end-to-end chain of custody service. From the secure storage consoles, vetted collection staff and thorough cross-cut shredding, through to the eventual recycling and disposal of the paper, Duncan is proud that the service he represents guarantees full data protection, a verifiable audit trail and is environmentally friendly to boot.

[1] ACFE, 2016, Report to the Nations on Occupational Fraud and Abuse

[2] ACFE, 2016, Report to the Nations on Occupational Fraud and Abuse

[3] Personal Data Protection Commission -- Enquiry and Complaint Figures (January 2015 -- March 2016)

[4] ACI Universal Payments, 2014, Globally, 1 in 4 Consumers Victimized by Card Fraud

[5] KPMG, Singapore Fraud Survey 2014