Internal Fraud: How to Find ‘Hidden’ Workplace Vulnerabilities that Put Data Security at Risk
Easter egg hunts are a fun tradition at this time of year, but in the workplace it’s more important to look for 'hotspots' where data security risks may lurk unnoticed. The hard part is finding them, but once discovered, information security threats can be blocked with easy-to-implement measures such as introducing a clean desk policy.
The typical organisation loses about 5% of revenues each year to occupational fraud, according to a 2014 Global Fraud Study by the Association of Certified Fraud Examiners (ACFE). The median loss is £100,000, and almost 25% of cases involve losses of at least £690,000.
Here’s where to find common workplace vulnerabilities – and what to do about them.
Quocirca research showed that over 70% of organisations have experienced a print-related data breach.
The average office worker still handles about 10,000 sheets of paper annually. But according to the Ponemon Institute, less than 10% of a company’s data security budget is spent on protecting paper documents.
What’s more worrying is confidential documents being left on printers and photocopiers – and insider fraudsters getting their hands on them.
What to do: Implement a secure printing strategy that includes 'pull printing' so print jobs are released only to authorised users and only when they are ready to be collected. Use reminder posters in common areas. Partner with a document destruction company so the hard drives of all office equipment, including printers and photocopiers, are physically destroyed at end of life (just wiping them is not a guarantee that data is destroyed).
- Open Recycling and Waste Bins
One of the places where paper documents are most at risk from information thieves is a rubbish bin, according to the 2014 Security of Paper Records & Document Shredding report by Ponemon.
Unfortunately, the 2015 State of the Industry Report by Shred-it showed that both large and small organisations need to improve their document storage and disposal protocols.
What to do: Encourage the use of electronic documents whenever possible. Use a document destruction company and replace open bins with locked consoles for documents that are no longer needed. Implement a Shred-it-all Policy to eliminate employee error.
Papers, post-it notes, and other information in full view on desks and screens all pose security risks.
What to do: Implement a Clean Desk Policy so information is secured at all times. Partner with a document destruction company so that document disposal is seamlessly embedded into day-to-day workplace procedures.
When employees save information on IT devices and take them home, there is an increased risk of a data breach.
Plus, the 2015 Shred-it Security Tracker showed that 40% of businesses surveyed have never securely disposed of USBs or other devices containing confidential information.
What to do: Stipulate that employees take home only the information that is absolutely necessary. Use a storage device sign-out process. All storage devices must be securely destroyed when they reach end of life.
A recent study in the US by BT Americas revealed that mobile security breaches have affected 68% of global organisations in the last 12 months. Most mobile devices contain confidential data and with the mobile workforce increasing every year, this trend looks set to continue.
What to do: Train employees on cyber security best practices. Offer ongoing support including an app ‘store’ for approved mobile device applications.
Continued vigilance about these obvious workplace vulnerabilities will help prevent occupational fraud.