SPECIAL PROMOTION

$5 off or 15% off, whichever is greater on your next shredding project. Code 1119


Blog Archives



Blog Categories

  • No categories

Welcome to our blog!

Hard Drive Shredding Security

Hard Drives shredded by XpresShred

The data recoverability or the overall security of the hard drive destruction process is a factor that has become more and more important as the number of obsolete or replaced hard drives has grown.  What is sufficient to ensure that the data contained on a hard drive is unrecoverable?

It is useful to consider the mechanics of the way hard drive data is placed on the drive.  Each individual manufacturer of hard drives has their own process that controls the read mechanism and electronics of how data is actually written to the platters in the hard drive.  There is no defined standard that is used and each company utilizes the encoding that it deems optimal.  Furthermore, each model of the hard drive and even the firmware used on that model would have to be known in order to recover information.  This is contrary to the situation with a CD/DVD.  The data recorded is always recorded in the same manner.  Therefore, if you have a CD/DVD it can be read with the standard reader contained in every computer.  Contrast this with the hard drive.  Each hard drive is self contained.  It has the reader and firmware in the drive which is then used to recover the information that is written on the disks.

By shredding a hard drive and mixing the shred with other hard drive materials, the process of recovering data become virtually impossible.  A fragment of a drive would need to be recovered and then a process utilizing magnetic force microscopy (MFM) would have to be employed. This is the only process that does not require the platters of the hard drive to spin and the heads to read the data.  The MFM allows the data to be viewed in an encoded format.  However, the logistics are staggering.  The MFM takes a picture of each bit on the disk.  Each picture will be 100 bytes in size.  For a 20 Gig drive approximately 160 billion bits would need to be photographed.  Secondly, each photograph would need to be analyzed by an expert to interpret each bit.  Any error in reading or interpretation would produce meaningless data results.

In order to reduce the chance of recover-ability of data, a hard drive should be separated from the casing which contains the firmware and model information.  Alternately, the platters can be destroyed through a degaussing process whereby a strong magnetic field of sufficient force is directed on the hard drive.  Unfortunately, after degaussing, the drive appearance will remain the same and the hard drive would have to be tested in order to ensure the destruction of the data on the platter.  Physical destruction through shredding of a hard drive is the clearest means of visually ensuring that the data contained on the platters is unrecoverable on a practical basis.  The platters are physically destroyed and separated from the information bearing cases in which they were housed.  The resulting shredded materials make it virtually impossible to recover any data that is contained on them and the security of the information will be ensured.

What to do when your identity is stolen

Credit Cards, Social Security numbers, financial identity theftThe process for rectifying an occurrence of identity theft can be very time consuming, frustrating and costly.  Furthermore, the perpetrator of the identity theft is unlikely to ever be caught.  Unfortunately, there is a very big return to risk calculation that a thief makes.  If they are ever caught, the consequences are much less than violent crime and the potential for illicit gain are much greater.  Consider that a violent criminal could mug or rob a person of their wallet or purse.  They may get $100 in cash and access to credit cards which will quickly be turned off and changed.  The robber is usually able to be visually identified by the victim or other witnesses.  If caught, this robber may get 10 years in prison.   However, an identity thief with access to the personal information of a victim can obtain credit for thousands of dollars in a victim’s name.  The victim may not even learn of the crime for a period of months, at which point the damage is done.  The thief is not seen by the victim and is very difficult to identify.  The first obstacle in catching a thief is legal jurisdiction.  A victim may live in Colorado, have their identity stolen by a person in New York and the fraudulent credit is used to purchase items or services in Florida.  Which legal authority will pursue this crime?  Furthermore, authorities have little time to spend chasing identity thieves that operate on a small scale.  Therefore, the chances of actually being caught by a thief are small.

The steps that a victim must take call for the immediate filing of a police report to detail the identity theft.  Most police departments are now more open to filing the report due to the increasing frequency of identity theft.  With the report filed, contact must be made to the three major credit reporting agencies:  Experian, Equifax and Transunion and notifying them of the identity theft and placing a fraud alert.  They will place a credit hold on the account of the victim so that no further credit can be obtained without specific approval.  Then the fraudulent charges must be addressed.  This becomes the time consuming and frustrating part.  The Federal Trade Commission also provides detailed information on the steps to take in order to remedy an occurrence of identity theft.   More information may be obtained at the Federal Trade Commission website at http://www.ftc.gov/bcp/edu/microsites/idtheft/tools.html

Everyone should obtain a yearly credit report to ensure that their identity is still secure.  A report is available free of charge by going to www.annualcreditreport.com.  Prevention is the best activity a person can employ to reduce the chances of identity theft.

  1. Don’t leave outgoing mail in an unsecured mailbox.  Particularly bills being paid with checks.
  2. Shred or properly dispose of unsolicited offers of credit and consider “opting out” of credit card solicitations.
  3. If a personal shredder is used, mix the shred with other refuse.  Don’t throw away the shred in the plastic bags that are provided.  This isolates the important information in one place and it may be able to be reconstructed.
  4. Protect your social security information.  Don’t carry your card in a wallet or purse.  Only give out your number if absolutely necessary.  Ask to provide other identifying information as a substitute.  The less places that your information is available, the better for identity protection.

Also, be alert for unusual credit activity to determine if you have been victimized.  Mail that does not arrive as expected for bills, etc.  Be aware of any denials of credit that are received when no credit was applied for.  If calls are received for payments of goods or services that were not ordered, it may be another indicator that the identity may have been used by a thief.

Identity protection requires constant vigilance.  By taking appropriate steps to guard personal information and being vigilant for any unusual activities, the risk of identity theft can be reduced and the damages that result if it does occur can be mitigated by swift action on the part of the conscientious consumer.

NAID AAA Certification

The National Association for Information Destruction (NAID) is the international trade association that monitors developments and best practices in the paper shredding industry.  By simply being a member of NAID, an information destruction company will be informed of governmental regulations and educated on the proper processes to follow.  The next level of commitment that shredding operations can demonstrate to proper practices is to become AAA Certified.  This detailed process requires several steps.

The process starts with an application by a NAID member to become certified and the processes that they wish to be certified for.  There are several activities that may be applied for:  On-site destruction of paper, Plant-based destruction of paper, and hard drive destruction. The applicant must affirm through the application that they are following current guidelines as detailed for each certification.

The items that are common for each certification for employees are:

  1.  Criminal background investigation of all employees with access to confidential information.  The report must utilize a Social Security Trace to ensure that each location where the employee lived is covered in the report.  The employee must not have a felony conviction for any activity that could be associated with identity theft.
  2. A Confidentiality Agreement must be executed by each employee that has access to confidential information.  This states that they will not copy, memorize, keep, remove, inspect, record, photograph or transferred to any unauthorized person.
  3. A Drug Screen must be performed on a regular basis for any person that has access to confidential information
  4. Employees must be citizens of the United States and verified or be demonstrate eligibility to work in the USA.
  5. There must be written policies and procedures for drivers and destruction processing employees.
  6. Employees must wear a specific uniform with company issued photo ID displayed.

Certification for on-site destruction contains several items that are specific to this type of mobile destruction:

  1. Drivers will not leave materials unattended at any time.
  2. Drivers must lock the areas of the truck that contain shredded materials.
  3. The on-site destruction must be performed at the customer’s location.
  4. Shred particle size must be within NAID standards.

Certifications for plant based destruction operations also have specific requirements:

  1. Unauthorized access to the secure destruction area is effectively prevented.
  2. All visitors must sign in with time, date, be issued a visitors tag and be escorted under supervision at all times.
  3. There must be a monitored alarm system in place.
  4. A closed circuit camera system must monitor access areas and destruction areas and recordings must be kept for a minimum of 90 days.
  5. Shred particle size must be within NAID standards.

Also, the final disposition of the shredded materials must be to a secure source such as pulping or incineration and must not be used for other commercial activities such as packing or animal bedding.

The processes stated in the application are then verified by an on-site inspection by NAID personnel prior to AAA Certification being awarded.  The Certification process is both rigorous and demanding.  After the awarding of an AAA Certification the applicant is then subject to random unannounced audits to ensure that the standards are still being met.  After learning of the process for certification, organizations understand the value of working with a NAID AAA Certified operation.

XpresShred has maintained continuous NAID AAA Certification for the past three years with endorsements for on-site, plant-based and hard drive destruction.

Recycling of Paper Shredded in Denver

NAID Secure and Certified Paper ShreddingIf your paper or documents are being shredded by a NAID (National Association for Information) AAA Certified member, it is being sent to a paper pulping plant after it is shredded.  There are other uses that shredded paper is very good for, such as animal bedding.  However, the pulping and recycling of shredded paper is another step in the rigorous security procedures that are demanded by NAID.  By recycling the paper by paper processing plants, the shredded paper is completely de-inked and taken down to the basic fiber level.  This removes any remaining possibility that information bearing paper will be exposed to unauthorized access, thus providing the security that clients need to have.

Recycling of shredded paper is also the environmentally best use of old documents.  By sending the shredded paper from the metro Denver area to a paper processing mill, XpresShred saved over 10,000 trees in 2010.  Furthermore, by not using trees to make new paper, 4.1 million gallons of water were also conserved.  Recycling the paper is the best way to protect the environment and utilize resources effectively.

XpresShred is an AAA Certified member of NAID based in Englewood, Colorado.

Reducing identity theft risk through document shredding

Mailings for unsolicited offers of pre-approved credit cards present a significant risk to identity theft if they fall into the wrong hands. Applications are completed under the name of the person identified and the address is changed so that the bills are sent to a different address. The victim, in this case, may not find out about the identity breach until the collection agencies start to contact them. Another significant risk area is Dumpster diving. Thieves simply search trash for important information and use the data to steal the identity of the target.

Shredding mail and documents that contain sensitive information is a recommended way to reduce the chance that your identity may be stolen. All documents that contain personal information such as social security numbers, address, billing statements or tax information should be properly disposed of. Shredding documents not only reduces that chance of identity theft, it also is environmentally sound, since all of the shredding materials are recycled.

Identity theft can be an exhausting problem to rectify, identity theft prevention is best. Police reports, notification to credit bureaus and repairing the damage done can take a significant amount of time to fix. In the meantime, bill collectors and denial of credit are very frustrating and difficult matters to handle. Therefore, it is important to take the proper precautions with identity information, such a shredding properly, which will reduce your exposure to being a victim of identity theft.

Additional information: secure paper shredding check list and identity theft resources