Shred-it highlights the top 10 office hotspots for corporate fraudsters
The launch of National Identity Fraud Prevention Week today has highlighted that many businesses are still not putting in place policies for the secure management of their confidential data, leaving them vulnerable to corporate identity fraud. This is the warning issued by Shred-it, the UK’s largest on site document destruction company.
Corporate identity theft costs UK businesses £1.3 billion a year according to research by card protection and insurance group CPP, and a study by Ponemon Institute has found that the cost of data breaches has leapt by 36 per cent in the UK in the past two years. This underlines the need for firms to ensure that they are taking the right steps to manage their confidential information to limit the risk of falling victim to fraudsters.
Research by the organisers of National Identity Fraud Prevention Week has found, however, that only 64 per cent of businesses have put in place a clear policy on how to handle documents containing sensitive information.
Shred-it has set out the top ten office hot spots where sensitive information is most often left unsecured and its recommendations for how businesses can reduce the risk of confidential data falling into the wrong hands.
Robert Guice, Executive Vice President of Shred-it EMEA, commented: "The passage of confidential information through the workplace can present fraudsters with a number of opportunities to gain access to sensitive data that they can then use for their own financial gain – and the firm’s financial loss. Businesses need to be aware of these risks and put measures in place to protect their private information, as well as that of their customers and their employees."
Shred-it has a number of tips for organisations seeking to protect their corporate identities:
- Recycling Bin: Leaving confidential documents in non-secure locations such as a recycling bin means they could be accessed by anyone at anytime, or worse still stolen while awaiting collection from outside your premises.
- Overflowing confidential shredding bin: Make sure you have enough confidential shredding bins and that your secure document destruction provider visits regularly enough to prevent overflows. Leaving sensitive documents lying on top of these consoles is self-defeating.
- Office strip shredder machine: This is one good reason to outsource document destruction. Many businesses are reluctant to free up staff time to shred documents, preferring them to focus on fee generation. An employee can take 5 hours to shred 25kgs of paper; industrial shredders can do the same work in minutes.
- Waste paper baskets: Perhaps the most dangerous point of all. Make sure all employees are clear about precisely which kinds of information should never be deposited in a waste paper basket.
- Employees with access to confidential records: Which of your employees have access to confidential information? Do you know for a fact that all of these employees have been subjected to CRB checks?
- Unattended digital storage devices: Ensure that USB sticks and CD-ROMs containing confidential data are tracked at all times and never left for any passing member of staff to simply pick up.
- Discarded photocopies and printer paper: A blurred version of a confidential document may not be suitable to send to a customer, but it could be perfect for a fraudster looking to access data. Photocopiers also contain hard drives which store images of documents copied upon them. These should be wiped clean before the machine reaches the end of its service life in the office.
- Office in-trays: Many companies now enforce 'clear desk' policies to ensure sensitive documents are not left unattended by workers. This is a sensible practice.
- Broken security door: Make sure entry to areas where confidential data is stored is strictly controlled. In a world where multiple building occupancy could even leave your business with competitors located on the floor above or below you, this is all the more important.
- Unused hard drives: Confidential electronic data should be treated in the same way as paper-based information. If you need to dispose of hard drives, ask your document destruction provider to pulverise them for you so information stored on them cannot be retrieved.