Risks of Limited Confidential Information Knowledge
Imagine a fraudster roaming your office alone after a normal working day, what could they stumble across on the desks or by the printers? You might think that you are being careful with confidential information but could those print outs or unsecured documents be of use to professional criminals?
The answer is almost certainly yes, even if you might not think it. This year, our State of the Industry Report revealed that a fifth of UK SMEs believe they possess no documents that would cause the business harm if stolen. An alarming figure given the amount of personal and senstive data stored in every workplace, including employee records, client invoices, payslips and emails containing personal information. If this information fell into the wrong hands, there could be significant legal, financial (fines of up to £500,000 from the ICO) and reputational damage to your company therefore educating yourself and your employees on what should be considered confidential information under the Data Protection Act and other relevant European legislation is critically important. (An overview on key legislation is included – and key information security trends – within our State of the Industry report.)
Understanding what constitutes confidential information is one thing but if you are worried about a breach then the best way to prevent a simple error becoming a grave mistake is to implement a shred all policy. It means just what it says – shredding everything to make sure that nothing confidential slips through the net. Implementing policies like this is a great way to start transforming workplace environments from a fraudster’s paradise into a secure office.
In recognition of International Fraud Awareness Week (16th – 22nd November 2014), Shred-it has identified the top five risk areas for fraud in the workplace. Just by identifying fraud risk spots in the office and implementing simple measures to enhance their security you can help your workplace remain secure.
- Printers and photocopiers. Watch out for documents left out at work stations, be especially mindful if your printers don’t require a security code to print jobs. By including security codes onto machines you can substantially strengthen this notorious risk spot.
- Non-Secure Recycling Bins and Wastepaper Baskets. Throwing data in a normal refuse bin is no safer than storing that data in an unlocked cupboard. The only way to ensure that discarded data isn’t read by curious eyes is to implement a shred-all policy, which means just that – you shred everything!
- Messy Desks. Keeping your desk tidy doesn’t just have psychological benefits, it actually makes your workplace more secure. The implementation of a clear desk policy and the provision of lockable storage units is an easy way to help employees safeguard the data they hold.
- IT Device Storage. Electronic storage devices raise the risk of fraud as they transport information from your organisation’s secure network. Signing devices in and out is an easy way to keep track of them and then securely destroying them once they’ve reached the end of their useful life is crucial to ensuring they don’t end up in the wrong hands.
- Mobile workplaces. As a workforce, we are becoming increasingly mobile with many of us able to access our work files at home or on the move. To ensure that this flexible working remains secure, it’s best for employees to only take or print confidential information outside the workplace when absolutely necessary and to of course, dispose of it correctly after use.
It’s important to remember that all businesses possess material that should be treated as confidential under UK and European Data Protection legislation. It’s time to start looking at your workplace from the eyes of someone out to profit from your confidential data – only then can you recognise and counteract the threats of malicious fraudsters.
Interested in finding out more about how to protect your workplace from fraudsters? Learn more about current trends in information security in our 2014 State of the Industry Report.
Join the conversation on information security with Shred-it on Twitter @Shredit_UK.