Given I have worked in security my whole career, it may seem strange that I don’t own a paper shredder. I use one so irregularly, I have taken to seeking out ways go paperless when I can and use corporate shredding services if necessary.
Having recently escaped corporate life, I approached a secure shredding service last week. Over the phone they assured me I didn’t need an appointment, just come in anytime. It concerned me to find that on handing over my paperwork, that it would be put “just over there” until they had a quiet moment to shred it. Not only did this defeat the purpose of so-called ‘secure’ shredding, the staff explained to me that this was their company policy. If this was the policy for how the public’s confidential documents should be handled, I could only wonder how their corporate customers were treated and if they were aware of this policy.
I couldn’t help feeling defeated, as I left the counter with my pile of shredding still under my arm headed for home, that no one before me had questioned this process. Most people who care enough to shred their documents would be happy to stand for a few minutes and destroy the paperwork themselves. But the counter staff explained that this wasn’t an option either.
The fact that for about $30, this same shop could sell me a shredder to use at home is not the point. The point is that the definition of what is considered ‘secure’ differs so greatly across corporates and communities that as security professionals we are fighting an uphill battle. While my shredding might be a basic example, the bigger picture is that these company policies are teaching the next generation of youth about being ‘secure’.
Next week, I’ll be joining my peers from the Australian Women in Security Networkand vicICTforWomen to encourage Melbourne teenagers to consider careers in Information Security. These teens are the corporate employees of tomorrow. And even if they choose to be engineers or nurses or teachers, we will encourage them to question and improve workplace security practices and to regularly consider what it means to be secure.
What’s your company’s current definition of ‘secure’?