Not All Breaches Come Through Internet Hacks

Filed Under: IT and Security, Toolbox Articles

Not all identity thefts are created equally.

Most small business owners, when they hear “identify theft,” think of being hacked and having their infrastructure compromised; ransomware on a computer; someone opening an email with a virus and challenges that the email systems can be compromised.

For most of them, their daily chores of meeting payroll, finding and building new customers, managing employees and tending to all the other details of running a business keep them busy enough so that identity protection, while they recognize its importance, isn’t something they spend a lot of time thinking about.

“I’ve got it covered,” an owner might say. “We have an IT firm that looks out for us.”

Yes, but…

There’s another equally big threat to a company’s security that often doesn’t get the attention it should.

Not all identity theft comes through viruses and hacks on the Internet. Paper (files, correspondence) poses a big threat, as do the small devices such as laptops and smartphones which get discarded when they are no longer needed. Even the office copier is a potential source of trouble, with a hard drive that stores all the information that it scans and copies, such as payroll records.

Just one or two pieces of personal information left in an office trash bin are all that is required to steal an identity.  And an electronic device that is not completely destroyed can be a treasure trove for the criminally intent.  The importance of securely shredded documents and the proper destruction of hard drives, tapes and small portable electronics cannot be overstated.

Even as we migrate more towards a “paperless” state there are still many instances where highly sensitive information is stored in paper format. The type of information businesses discard daily is monumental. Financial statements, net worth information, partnership agreements, detailed memorandum about wills and testaments, and more. Any and all of this information contains the ammunition necessary to raid financial, health and other personal records. The reality is that humans make mistakes; even those sworn to protect the sensitive information they routinely discard can slip up – a blunder that could land highly confidential information into the wrong hands and open a business up to fines and remediation expenses.

Legally, people can dig through trash if it is left in a public dumpster or trash bin. Once the trash is placed there, that person or company has essentially forfeited their ownership rights to the items, as the property is now in the public domain. The implication is that someone could legally sift through your company’s trash looking for confidential information.

What can you as a business owner do to limit the potential of this happening to you?


  1. Be certain that you have a secure, dependable system for destruction of all papers that are not needed any longer. And of course, before you destroy them, while you are still keeping them in your company’s custody, be certain that they are in a securely locked draw or file. When it is time to discard them, either utilize an outside shredding service to destroy the documents on site, or at the shredding service’s facility. Prior to these documents leaving your possession, be certain they are stored in locked bins.
  2. Never return a copier at the end of lease without knowing that either the hard drive has been shredded, or overwritten. A full service shredding company can destroy these hard drives for you.
  3. Treat smartphones and laptops with the same seriousness as paper products. Destroy them rather than leaving them around where the information on them could be accessed.

The best way to thwart criminal efforts is through the proper destruction of valuable data.  No question – IT and software solutions can go a long way toward protecting a company’s infrastructure, but don’t forget where the paper trail ends.

Rick Carey is the founder of and a partner at, a Datasafe Information Security company. Reach him at