The Australian Federal Police warn that both individuals and businesses are at risk of identity theft. Simple changes in personal behaviour can make a difference to identity security. If you or your business becomes a victim of identity fraud, make sure you contact the relevant authority within your state or territory to report this crime.
When disposing of monthly bank and other financial statements you should tear them up at the very least before putting them in recycling. Better yet would be to destroy them in a cross cut shredder.
Financial Advisor Scott Pape told me
“the easiest way to takeover someone’s identity is not high tech ways like stealing a Facebook login but to go through their paper recycling bin”.
The Australian Federal Attorney General guide to Protecting Your Identity suggests Australians should:
“destroy all old records, files, bills, unsolicited credit card application forms, expired cards – by tearing, cutting up, shredding or burning them before you throw them in the recycling or waste paper bin.”
These procedures are particularly important around high-risk times when many people receive and throw away the same kinds of documents such as census forms.
The Federal Attorney General’s department Physical security management guidelines state that:
“Commercial strip shredders are not suitable for the destruction of classified or sensitive waste. Anybody wishing to access the information will have little difficulty reconstructing the pages from the resultant strips. Cross cut shredders produce smaller pieces that are harder to reconstruct. The smaller the particle size the more secure the results.”
The Office of the Australian Information Commissioner (OAIC) reminds businesses and government agencies that have responsibilities under the The Data Security section of National Privacy Principles in the Privacy Act 1988
“to make sure that the personal information of their customers is handled in accordance with the Act … stored securely and destroyed or de-identified if it is no longer needed”.
Some information destruction companies have heavily branded transport vehicles.
Anthony Tanti from Sydney based Secure Document Destruction Company (SDDC) told me they use unmarked vehicles as drawing attention to a truck containing valuable government/corporate information is an unnecessary security risk.
This lock on SSDC’s transport vehicles is ASIO T4 approved. Investigation into work practices and accreditation by ASIO’s T4 department is required before a company can perform secure information destruction work for government departments.
An information destruction company that isn’t ASIO T4 approved or a member of National Association for Information Destruction (NAID) isn’t regulated in any way and doesn’t have to operate to any particular standard. With spot prices for good quality waste paper potentially worth up to $300/tonne a cowboy operator could charge customers a premium for document destruction but really just be on-selling the paper straight to recyclers such as AMCOR or VISY.
A wide variety of items are sent to SDDC by their customers for destruction including storage media, credit cards, cheque books, software installation disks, mobile phones, laptops and emergency services uniforms. One of their strangest jobs was destroying a box of plaster of paris teeth casts from a dentist.
Physical destruction of hard drives ensures that data cannot be recovered from them. The USA’s National Security Agency (NSA) Media Destruction Guidance list suggests Degaussing as an alternate method of irrevocably wiping magnetic storage media.
Backup Floppy disks, CD’s and DVD’s are now considered obsolete due to their low capacity. The data from obsolete storage media is being format shifted to network storage and other high capacity storage solutions, so they have to be destroyed to ensure organisational information stored on them is inaccessible.
The number of smartphones submitted for destruction is growing as they break more easily than older brick shaped mobile phones, the upgrade cycle is shorter and they can contain many gigabytes of data.
Expired corporate bank/credit cards and staff ID cards taken from ex-employees need to be destroyed to prevent financial fraud or attempted unauthorised entry into secure sites.
The shift from film to digital video recording continues with the last film movie camera makers recently stopping production. Similarly organisations are getting rid of film archives that have been digigised or haven’t got archival value.
In the past photography studios used large amounts of film and accumulated unsold printed photos and film negatives. The vast majority have switched to digital photography and old negatives and prints that don’t need archiving are being destroyed to free up physical storage space.
This is an extended version of a feature photo gallery article created by me for IDG Australia’s Chief Security Officer website.