June 30, 2016

Shred-it Exposes Dangers of Overlooking Physical Data Security

Singapore, 4 July 2016 – While Singapore officials have announced plans to make the country a leader in data and cyber security with new Personal Data Protection Act (PDPA) laws in place, a new white paper issued by Shred-it reveals that purely focusing on digital security creates alarming gaps in most business’s data protection strategies. While the recent first round of enforcement of the PDPA centred on IT related breaches, the white paper has been released at a critical time where data protection strategies are paramount to a business’s survival. The document details some of the often overlooked ways by which these data leaks occur, and suggests some strategies to plug these leaks.
Organizations Face Major Losses from Both Physical & Digital Data Leaks
Shred-it’s white paper reveals an alarming statistic – the typical organization loses 5% of its revenues to fraud each year[1]. For any business, especially smaller ones, that level of consistent revenue loss puts the profitability of the company at unnecessary risk. Data leaks can result in potentially huge losses, as over 20% of fraud cases involve losses equivalent to at least S$1.37 million[2]. With the Personal Data Protection Act (PDPA) receiving 3,700 complaints since coming into full effect in July 2014[3], businesses are finding themselves in an economy where data leaks can be highly detrimental to both their reputation and their bottom line. The scope of the issue is clearly of concern, with further research indicating that card fraud (an issue closely associated with identity theft) affected 28% of the population in Singapore over the previous five years[4].

While several companies have taken a cue from the digital landscape and focused their protection measures on cybersecurity, Shred-it’s white paper makes it clear why the impact of physical data losses on a business’s overall data security is large enough to warrant more attention. For instance, stolen mobile phones can leave any confidential information contained within at risk of unauthorised access and potentially public exposure.
The white paper also reveals other seemingly innocuous physical methods by which confidential data can find its way into unauthorized hands, such as by tossing important documents into recycling bins or leaving papers at accessible locations like in office printers or on messy office desks.
Insider Threats on the Rise – Accidental Breaches & “Social Hacking”
While the recent focus of data security strategies has been concentrated on securing digital platforms to deter hackers, this still leaves many companies vulnerable to data breaches because it ignores the fact most fraud incidents reported (58%) are perpetrated by employees[5]. As such, digital data security protection from external threats remains ineffective in many data leak cases. While some of these insider data leaks may have been malicious, many were cases of accidental breaches (for example, a cleaning lady selling office paper unknowingly containing confidential information to third parties for recycling). The advent of phishing scams in recent times also points at a trend of “social hacking”, whereby hackers take advantage of employees’ gullibility to gain knowledge of and access to secure company environments instead of directly hacking a company’s data system.
A Holistic Secure Environment for Full Data Security
Although cybersecurity is undoubtedly essential, Shred-it’s white paper reveals the urgent need for businesses to adopt a more well-rounded approach to data protection to effectively guard themselves from potential breaches. “We believe every business would do well to take a holistic approach to data security, which involves taking into account physical security, digital security and human behaviour,” says Duncan Brown, General Manager of Shred-it Singapore. “Companies need to focus on methods to protect both physical and digital security, while at the same time putting processes in place to ensure employees are not susceptible to accidental breaches or phishing scams while still being able to carry out their duties without too much red tape.”

This three-pronged approach involves implementing office procedures such as a “Shred-it All Policy”, whereby employees need to shred all confidential documents instead of dumping them into the recycling bin or leaving them out on their desks. This ensures that while a company’s digital data remains protected, confidential data in physical form is also destroyed before finding its way into the hands of third party waste or recycling companies.


[1] ACFE, 2016, Report to the Nations on Occupational Fraud and Abuse

[2] ACFE, 2016, Report to the Nations on Occupational Fraud and Abuse

[3] Personal Data Protection Commission – Enquiry and Complaint Figures (January 2015 – March 2016)

[4] ACI Universal Payments, 2014, Globally, 1 in 4 Consumers Victimized by Card Fraud

[5] KPMG, Singapore Fraud Survey 2014