With summer well underway and many employees on holiday, the office can be strangely quiet – and unfortunately, more vulnerable to employee theft. What are the risks and how can you improve your summer security?
When it comes to office information security, employee theft is more common than you may think, and it's on the increase. According to the CIFAS Employee Fraudscape report 2015, insider fraud rose by 18% last year alone. It is estimated that overall, 56% of all organisational fraud is perpetrated by an insider.
An analysis by the University of Portsmouth found the average initial cost to an organisation of insider fraud is £424,500. However the true cost is actually 14% higher, once additional expenses such as conducting a thorough investigation into the fraud and any financial penalties from regulatory bodies are taken into account.
Smaller frauds have a disproportionately large impact; the analysis showed that for frauds below £25,000, the true cost to the organisation was actually on average 265% higher.
According to a study by the British Retail Consortium, in the retail sector there were 8.9 employee thefts per 1000 retail employees last year, with an average cost of £1,031 per incident. Fraud accounted for over a third (37%) of the total cost of retail crime.
During the summer when a workplace is being managed by a skeleton staff and there is less supervision in general, experts say there is all the more reason to have safeguards in place to ensure sensitive information is protected.
Improve your office security; here are 9 ways to reduce the risk of employee theft during the summer... and all year:
- Create a culture of security with a comprehensive information security policy. A security committee headed by a CISO (Chief Information Security Officer) is recommended.
- Implement a fraud hotline. A global study by the Association of Certified Fraud Examiners (ACFE) found that more than 40% of all employee fraud is detected by a tip – mostly from other employees.
- Highlight ‘red flag’ behaviours. Fraudsters display common behaviours including living beyond their means, financial problems, an unusually close relationship with a supplier or customer, and control issues with work projects.
- Be vigilant about physical safeguards. Ensure that only authorised individuals have access to sensitive information. Physical safeguards should be utilised such as locks, motion detectors, etc. All visitors must sign in and be accompanied by an employee at all times. Partner with reliable third-party companies for regular services such as document destruction.
- Create BYOD and other out-of-office policies and procedures. Install computer protection such as firewalls, anti-virus software, data encryption and password protection. Before a holiday, employees who want to take work with them should load (onto their devices) only the documents that are required to do the job.
- Leave a clean desk. Employees must shut down all computers and equipment and leave their area clean and locked. A Clean Desk Policy provides useful guidelines.
- Provide regular employee training. Most occupational fraudsters are first-time offenders, according to ACFE. Background checks and confidentiality agreements are important when hiring; and then ongoing communication and training about information security.
- Encourage communication with the IT department. If anything comes up during holidays, employees should be able to contact IT easily for assistance.
- Implement secure document destruction in and out of the office. All sensitive documents must be securely shredded by a shredding services expert and then sent for recycling. Hard drive destruction services should also be provided.
For more information, check out our infographic detailing The Hard Facts on Occupational Fraud.