Identity theft was the 2nd most common complaint that the FTC (Federal Trade Commission) received in 2015. And unfortunately, identify theft is only getting worse. Consumers spend more money on computer security, and I commend this, but what they fail to recognize is that cyber thieves are also common criminals that often stoop to just stealing papers found in your trash. Hackers are just as likely to employ old school cons and social engineering tricks as they are to sit in front of a keyboard all day. This misconception of the basic hacker is just another security weakness that consumers face. Cyber thieves can cut both ways so just like hard drives and network data, printed documents with personal data must be handled and destroyed properly before they get into criminal hands.
One Man’s Trash…
Everyday we receive mail that is littered with personal information about us including our name, address, birthdate, accounts, and credit card numbers. We all routinely throw away bills, ATM receipts, medical statements, and even junk mail but these paper trails form a shopping list for most hackers to start cooking up an identity theft scam. Cybersecurity best practices are all about making the cyber thieve’s job as hard as possible so by not properly disposing of these tossed documents, we are only making ourselves the prime target for attacks. Tampering with postal mail is a federal crime but that won’t stop most ambitious thieves. It is imperative to guard your mail box from all except your designated U.S. postal worker. If you suspect someone might be looking through your mail I recommend a discreet wireless security camera to be sure. If you are already sure that someone is tampering with your mail, getting a locked mail box or a PO Box at the local post office is a good solution.
But thieves do not just intercept incoming documents. They know the real treasure lies in outgoing papers sitting in our waste baskets and garbage cans. You cannot leave food scraps around the house or you will attract cockroaches and rodents. And if we do not properly destroy sensitive documents, we are doing the same thing for those who would harm us and our loved ones through identity theft. Not all paper shredders are created equally. Therefore, I highly recommend that everyone utilizes a quality, secure shredder to minimize risk of personal data compromises.
Do all shredders make the cut?
If you go shopping at Staples or any other office supply store, you will find an array of shredders. Most of these shredders fit into one of three categories. Price ranges between all three categories from $25 to $300 depending upon size and level of desired security.
1) Strip-Cut: (LOW LEVEL SECURITY) Cuts the paper into strips (typically 40-50 strips). This is typically a low cost shredder with minimal security. In other words, if a thief takes a little time, they can easily piece together a shredded document. And just like restoration software for erased hard drives, there are numerous computer applications available that can easily piece together paper strips too.
2) Cross-Cut: (MID LEVEL SECURITY) Slices and chops up the paper into little bits. An 8.5 x 11” standard letter is diced up into 200 small squares. Piecing together 200 confetti squares is far more challenging then piecing together strips. This is a common shredder used by most small businesses. There are also more advanced cross-cut shredders that cut 400 smaller squares improving on the security. If you’ve ever erased your hard drive, you’ll notice security options allowing one or multiple passes over the data. It takes longer but multiple passes always offer more security. Shredding paper is not much different.
3) Micro-Cut: (HIGH LEVEL SECURITY) Turns the paper into over 2,000 tiny pieces of confetti. This type of shredder makes it extremely difficult, if not impossible, to piece back together the original document. Most government agencies and large corporations that handle classified or secret information use micro-cut shredders. If you want super security then you can opt for a super micro-cut shredder that will obliterate a standard letter to over 6,200 micro pieces, and even 13,000 tinier pieces. All three types of shredders are relatively close in price when you consider the potential cost of being a victim of identity theft.
If you are wondering what shredders the NSA utilizes to keep their data secure, I can tell you that they use a even higher level of security then the micro-cut. Level P-7 shredding leaves tiny particles no larger than 1mm x 5mm. Good luck trying to re-piece that puzzle. Of course, we are talking about classified government documents that when shredded create over 15,000 particles per sheet.
There are also mobile shredding services that are offered that do a great job of properly shredding and disposing of confidential documents, but there are costs associated to this. Much like password management software services, paper shredding services are only as secure as their employees and protocols. If you do go this route it would be prudent to carefully do your research on such a shredding service to verify they absolutely and properly shred, dispose, and recycle your confidential documents. I personally use and recommend everyone invest in a high-level security, micro-cut shredder. Until we all go truly paperless, you can greatly reduce your likely hood of being hacked or having your identity stolen by properly shredding all documents containing personal data.