Today, in the modern, digital landscape, the need to be cyber secure is imperative to ensuring future business success - no matter your seat size or industry. While new trends such as zero trust security, or VDI can help strengthen your cybersecurity, today we want to revisit a more analog version of cybersecurity that is imperative to keeping your employees, clients, and your business data secure: shredding.
Document destruction services such as shredding should not be overlooked when reviewing your company’s cyber hygiene. Easy access to physical documents can jeopardize your business, whether that be your company’s financial information left on a printer unattended, or an employee’s social security number left on the desk of human resources.
This blog will guide you through what to keep, what to shred, and how to train your employees to be more cyber secure.
The Internal Revenue Service has some straightforward guidelines for how long you should keep your tax records.
Rule of thumb: Keep all tax returns - these should be permanently on hand. All other supporting documents can be kept up to seven years - when the period of limitations for the tax return runs out. Supporting documents include records that support an item of:
However, if you are very thorough with your tax documents ( i.e. if you filed your return, if it was genuine (not fraudulent)), you can reduce the period of limitations to three years.
See IRS for the complete list.
Keep employment tax records for at least 4 years after the date that the tax becomes due or is paid, whichever is later. These records include:
If you still only receive your bank or credit statements via paper/mail, hold onto these records for twelve months. If the record is tax-related, such as charitable statements, hold onto those for three years.
If this information is accessible via online portal, shredding paper statements sooner can help protect this information from prying eyes1.
Keep these records to help you figure any depreciation, amortization, or depletion deduction to figure the gain or loss when you sell or otherwise dispose of the property.
To be safe, you can shred your property documents seven years after you no longer own that property.
According to Home the U.S. Equal Employment Opportunity Commission (EEOC)2, employers must keep all personnel or employment records for one year. If an employee is involuntarily terminated, his/her personnel records must be retained for one year from the date of termination. Other employee documents and their timeframes include:
*FP = Full period the plan or system is in effect and for at least one year after its termination
Keep all legal documents - contracts and legal correspondence should never be shredded. Hang onto documents related to any legal claims or lawsuits, even the potential ones.
Aside from what is listed above, the Better Business Bureau has one very simple rule when it comes to shredding:
If you don’t need it, shred it - responsibly.
To help teach your employees to shred everything on a regular basis, consider implementing a Shred-All Policy.
A Shred-All Policy is pretty straightforward - shred every document once it is no longer needed. Shred-All Policies are effective for preventing security breaches by eliminating the chance for human error (i.e. confidential paperwork doesn’t have the chance to fall into the wrong hands), and it helps your organization stay compliant if you fall under laws like HIPPA or FACTA.
Implementing a Shred-All Policy also helps eliminate employee confusion on what to shred and what not to shred. By keeping the rules simple - shred everything - employees no longer have to decide what is and what is not confidential.
Shred-All Policies can be implemented in just three easy steps:
Another “analog” method to cybersecurity you can use is implementing a Clean Desk Policy.
A Clean Desk Policy specifies how employees should leave their working space when they leave their office. Most policies require employees to clear their desks of all papers at the end of the day such as:
We recommend taking a step further and ensuring all employees put their computer to sleep every time they leave their computer to ensure their computer isn’t accessible to bad actors.
Implementing a Clean Desk Policy requires employee training on policy guidelines, providing locked storage for valuable documents (that aren’t ready to be shredded), and ensuring managers perform regular spot checks.
Whether you’re looking to perform yearly purge jobs, or you’re interested in implementing a Shred-All Policy, a third-party shredding provider can help you securely and responsibly destroy and dispose of your confidential documents.
VLCM Intellishred offers professional, high-level, secure document destruction services for the State of Utah. We specialize in onsite shredding, secure containers, recurring pickups, proof of protection, and are NAID Members - which means we strive to adhere to the stringent security practices and procedures established by the National Association for Information Destruction. We also offer 1-time scheduling, purge jobs, hard drive destruction, and securely recycle the job once it is destroyed.
Talk to one of our shredding experts today by visiting www.vlcm.com/intellishred.