July 12, 2018
Even if your workplace has strong security policies, the lax security system of an external vendor you have hired could still put your organisation at risk. This means it is your responsibility to learn how you can minimise the risks of a data breach when it comes to engaging 3rd party secure shredding companies. Some data breaches do occur by hackers, but one of the biggest threats to information security is simple human error and negligence.
Do Your Research
One of the most important things you and your organisation should do before engaging an external vendor is to do your background research on them. Are their employees security cleared? Are their procedures for collection and destruction secure at every step? Have they been involved in a data breach before, whether directly or indirectly? Putting in the work to research the vendor will go a long way when it enables you to cut ties with an organisation that has been the cause of a data breach before.
Analyse the Data Given to Them
Assess the importance of the data that will be given to them and understand the repercussions that could happen if a data breach were to occur. Identify the possible risks in the steps the vendor practices that could lead to a leak of data belonging to your organisation and your clients. Remember that loopholes in physical data security tend to occur more frequently and are equally as damaging. Make sure your shredding service provider has secure chain of custody processes in place.
Identify Any Fourth Parties Present
It is completely possible for the vendor to use another external party of their own that will end up handling your organisation’s data. In Singapore, it is very common for organisations to dispose of unwanted documents with the Karung Gunis, adding another touch point that can open you up to a data breach. It is near impossible to track what happens to your data when it lands in the hands of a fourth party, so be sure that your vendors will not hand off any of your information.
Use OSPAR certified organisations
If you’re a financial institution in Singapore, great news! The Association of Banks in Singapore has made it mandatory for financial institutions to have their external vendors audited by an external auditor. The Outsourced Services Providers Audit Report (OSPAR) will provide external vendors with a credibility that ensures all vendors maintain an equivalent level of governance and rigour. This way, when engaging an external vendor, the easiest method to ensure your data remains safe is to use OSPAR certified organisations.
Shred-it Singapore underwent the rigorous and thorough audit from 1st March 2016 to 31st August and became one of the first few organisations in Singapore to be OSPAR certified.
Start Protecting Your Business