While I would not say I’m a germophobe, COVID-19 has certainly made me more aware (and more paranoid) of the sanitisation habits of those around me, and the necessity for handwashing, cleanliness, and distancing. Much like the invisible pandemic, data has a tendency to spread without you realising it, and it is vitally important to have proper habits in place to prevent data oozing out and proliferating everywhere. It’s now December, and we’re going to have plenty of datapoints moving in and out of our lives with festive shopping, wrapping up work for the holidays, and possibly spending time cleaning our homes after a crazy year. In this article I’ll discuss some justifiable paranoia in terms of safety – both digitally and in the real world.
Sanitise anything leaving the house
When you dispose of data, you need to make sure it is not readable after the fact. On the surface, this means shredding documentation with personal information on it. There are plenty of places that are broader than just invoices and paper communications that contain an inordinate amount of data about you. Data in a digital sense ranges between USB flashdisks, old CD/DVD backups, old mobile phones, old computer equipment and more, while paper-based data could be invoices, receipts, credit card slips and more. Let’s tackle some of the biggest culprits below.
Throwing away credit cards should be done in stages unless the card has passed its expiry date entirely. Cards that are cut up but not expired can still be used for online purchases, and if you’ve disposed of a card in one go (no matter how many pieces its in), it’s an invitation for fraud.
Credit card slips
Purchase receipts where you’ve paid by card often will have the cardholder’s name printed on them. Coupled with an invoice (the two are often stapled together), someone can see your name and what you’ve purchased. While not a crazy invasion of your privacy, these little slips can lead to identifying you from what would otherwise be an anonymous trash bag.
Invoices and bills
These are the usual suspects that end up in a trash bag. Depending on the type of document, you will find a varied array of personal information. If the bills happen to be for medical attention you’ve received, there is a high risk of someone becoming aware of very sensitive information.
Old CD/DVD backups from yesteryear
Many of us who have been in business for a while would have a pile of DVD-R’s in a cupboard somewhere with old backup data on it. These are still readable, and you shouldn’t underestimate the curiosity of people who get their hands on them. Any discs leaving your house should be destroyed. Discs can easily be shattered or damaged beyond use, though ideally you can use a shredder that supports shredding credit cards and CD’s.
Airline ticket stubs (or anything with a detailed barcode)
The detailed barcode on an airline ticket stub contains a fair amount of information about you. Don’t dispose of these lightly, ensure that you have shredded them. Barcodes on these tickets contain your name, loyalty numbers, booking numbers, flight details and more. (As a sidenote: STOP POSTING YOUR AIRLINE TICKETS TO INSTAGRAM!)
These documents contain your address on the front, as well as details of the contents of your house. If you have an insurer that still sends paper-based insurance schedules, I would ask them to stop immediately and rather send it to your email address. The risk on these documents is WAY too high, and you should ensure it is shredded properly.
Old hard drives and flash drives
The same rules as CD’s and DVD’s apply here. Disposing of these drives should be done with physical destruction of the device, or by means of “secure erasure”. Formatting a hard drive, SD card or flash drive does not actually remove the data, it is much more akin to taking a piece of paper and just painting over it with white paint. If you scrape the paint off, you can still see what is underneath.
What is the context of what you’re disposing?
This is a really important factor that a lot of people do not consider. Data has context and information can be inferred. What I mean by this is that people can put together different types of information to gather data about you (intelligence). This is where the real germophobia (or dataphobia) comes in – what can people deduce about you from what you dispose of?
As an example, if you dispose of something innocuous (credit card slip) that has your name on it, in your outdoor bin that has your property number on it, and you also throw away a user manual for the alarm system you just fitted – you’ve just given a lot of information. We now know your name, your address, and what type of alarm system you have. This is an extreme example, but it gives you an idea of what could be ascertained. Disposing of expensive, luxury goods’ packaging could also make you a target in exactly this way.
So what should you do?
As paranoid as everything above is, it all comes down to a very simple solution. Buying a shredder for your home is a worthwhile investment and insurance policy against data being used for nefarious purposes. Shredders come in a range of security levels, generally from 1 (thick strips) to 7 (dust). A security rating of 3 or 4 (cross-cut shredding) is generally more than adequate for home. I personally use an Ideal Shredcat 8240; Ideal is a great brand out of Germany and has proven very reliable and very affordable and I would highly recommend them. Simply put in a home “policy” of shredding everything that leaves the house.
Ross G Saunders Consulting offers a number of solutions that can drive your compliance and security maturity; from affordable 16 week group coaching programmes to comply on your own, through to advisory retainers and full programme management. To find out more about the offerings available, book time directly with Ross using the calendar below.