Shred Bin Security — How to upgrade it… probably for free!
If you have a sizable contract with a shredding company, keep reading.
The Shred Bin Security Conundrum
Your organization realizes they need help getting rid of their wastepaper. Some of it can be recycled. Easy. There are plenty of recycling companies around. Some of it, however, contains sensitive information that must be destroyed.
So, you contact your local “I-Rip-A-Part” shredding company.
You are offered your choice of two shred bin styles, if you are lucky. The elegant particle board beige box, or the converted garbage can. Both scream security joke. But hey, they only gave you two choices. So, you take what “I-Rip-A-Part” gives you. After all, it’s their business. They know best.
Your employees may not laugh out loud, but they get the message. Management either doesn’t know much about shred bin security, or they only care enough to make it look like they are doing their due diligence. The result…
Pretty soon these start popping up.
Who’s laughing now?
Just the office snoops, competitive intelligence professionals, activists, news media, hackers, etc.
Let me provide some background before providing a workable solution. The crummy shred bin issue is a problem for most U.S. based organizations. The problem has two roots:
- A lack of understanding about information security on the part of the confidential information custodians.
- Shredding companies preying on this ignorance to maximize their profits. (Number one allows number two.)
Most shred bins being provided by shredding companies are nothing more than security theater; a mental bandage playing to the threat. They are inexpensive, ineffective, and won’t prevent any semi-espionage adept person from taking what’s inside. Attacks include: unscrewing the cabinet, picking the cheap lock, sticking a $8.00 flexible grabber through the slot, bending the plastic lid back, or pulling the inner liner bag through the slot.
The worst case we’ve come across was a box whose bottom was intentionally kicked in. Two of the four 1/4″ dowels holding the bottom in place broke, leaving the other two to act as pivot points. The box looked secure, but tip it forward and the bottom became the Ali Baba, “open sesame,” swinging door to information riches.
Demand Better Shred Bins
We had a shredding company tell one of our clients, “If someone really wants to break into a bin, the additional locks won’t add much protection.” That’s pathetic. Think about it. They are in the protection business, and they complacently admit this is the best they can do? They went on to scare my client with the monstrous cost of converting all of the bins.
Obviously, they looked at increasing the client’s shred bin security as a bother, and they were trying to talk them out of doing it. There was zero concern for the value of the client’s information should it fall into the wrong hands. And… without that concern, the shredding company’s whole reason for being gets flushed down the drain. (Let me at that handle.)
Customers deserve better. Security providers should be providing creative thinking and problem solving advice, not lazy excuses.
Admittedly, security is never absolute, but it should always answer the question,
“How high do we build the wall?”
Answer, “High enough to keep them out!”
High-Security Shred Bins Are Available
Don’t believe Mr. “I-Rip-A-Part.” (Go ahead, say it fast.) Quality shred bins which will really keep your confidential wastepaper safe are available. They cost more, but a whole lot less than the cost of stolen information. The best part is, you can demand your shredding company provide them, or you’ll go to a vendor who will.
This is the type of high-security bin my European clients are using. They take information security very seriously.
It’s the best I have ever seen, but not readily available in the U.S.
To the right is one of the best high-security bins I can currently find for my U.S. clients. You can also see a more office setting style, all-metal one here. There may be others, search around, but don’t settle for less. This one has a high security lock and arms under the lid that extend fully to the left and right side of the bin, thus keeping the lid from being pried open.
Generally speaking, shredding companies provide bins that suit their purpose, not the customer’s. Some are constructed of cheap particleboard held together by wood pegs (see photo), and many of those are not assembled properly. They can be opened easily from the bottom. Just undo the exposed screws.
The plastic bins usually just lock the front center of the bin, leaving the sides vulnerable to forced entry.
Almost all the bins provided by the “I-Rip-A-Part” cartel have easily pickable locks, and we’re talking paper clip pickable.
During our information security inspections we also see the locks which are not even being used. Ok, that’s not the vendor’s fault. You have to keep on top of these things.
The double whammy is the garbage bin which has been hacked into a “security” shred bin by carving out a slot in the top, and pop-riveting a hasp on the front.
These crummy bins may be fine for holding bulk amounts of outdated, semi-sensitive documents awaiting shredding. However, sensitive and highly confidential, bulk shredding require better shred bin security.
A Cost-effective Shred Bin Security Upgrade Solution
Divide your organization’s shredding needs into three categories:
- Bulk amounts of outdated, semi-sensitive and general recycling documents.
- Bulk amounts of outdated, confidential documents.
- Highly sensitive and confidential wastepaper.
Color-code each bin. A strip of colored duck tape across the front is all that is needed.
Category #1 – Keep the current bins. Stripe color: Green.
Category #2 – Upgrade these bins, preferably by upgrading to a better bin, or retro-fitting the locks on the current bins, if practical. Ask the current shredding company to shoulder the cost if they want to keep your (considerable) contract. If they decline, find a company that will. This shredding should be done on-site, with a security employee as a witness. Stripe color: Yellow.
Category #3 – Provide a few high-security bins, or desk-side crosscut shredders, to personnel who routinely need to dispose of highly sensitive and confidential wastepaper. Stripe color: Red.
Idea: Indicate these colors on your documents, too—as they are created—to indicate proper end-of-life disposal.
Doing this indicates to personnel what security level wastepaper goes into each bin. Incorporate this scheme into your written information security policy. If you don’t have one, make one. It’s important. Advise all employees of the new procedures once accomplished.
The Free Shred Bin Security Solution
Obtaining management’s help is required for this one. Get them to determine the potential monetary/good-will/embarrassment loss for each of the fore-mentioned categories. It may turn out that:
- Category #1 comprises 70% of the shredding needs (no changes needed here);
- Category #2 is 20%; (minor cost impact for improvements);
- and Category #3 is only 10%. (Potentially FREE! An adequate deskside shredder costs about $172.00. Buying one could pay for itself many times over. Just eliminate the regular regular shred bin it replaces from your contract.)
It is not necessary to upgrade everything. Cost-effectiveness just takes a little creative thinking. Looking at it this way makes upgrading shred bin security an economically sound idea.
Hope that helps. ~Kevin
Kevin D. Murray CPP, CISM, CFE, CDPSE is a business counterespionage consultant and TSCM specialist with over four decades of experience.
Murray Associates is an independent security consulting firm, providing eavesdropping detection and counterespionage services to business, government and at-risk individuals.
Headquartered in the New York metropolitan area, a Murray Associates team can assist you quickly, anywhere in the United States, and internationally.