Businesses must do more to safeguard against fraud. A Shred-it survey shows that organizations often fail on "most basic" aspects of information security.
With Fraud Prevention Month now underway, Shred-it, the organization dedicated to information destruction, estimates that 6 out of 10 companies are failing to comply with basic information security practices.
"When we undertake an initial security audit for our new customers, we typically see 6 out of 10 organizations failing to address a number of basic security issues," says Michael Collins, Vice President Sales, Shred-it Canada. "These lapses can range from staff leaving sensitive papers lying around on desks, to organizations only offering staff recycling rather than shredding facilities, to staff failing to guard their passwords securely. These lapses may seem small, but often they can prove the decisive weak link in the security chain."
While consumer awareness of fraud is relatively high – a 2010 TD Canada Trust survey showed that 40% of Canadians surveyed say they are 'very' or 'extremely' concerned about becoming a victim of fraud in the future and one-third of Canadians feel they have been a victim of debit card or credit card fraud in the past – Shred-it’s own research shows that businesses clearly need to enhance their information protection security.
“While what we see is concerning, on a positive note, the organizations that we have audited realize that information security is important to their business and their customers and are taking proactive steps to improve,” added Collins. “What is more concerning is the number of businesses in Canada who are failing to take seriously their duty of safeguarding their own and their customers’ data.”
To help businesses better understand where their information security gaps may lie, Shred-it has developed an online security self-assessment survey, which can be found at www.shredit.com/fraudprevention. Shred-it also offers the following tips for organizations:
Shred-it’s tips for safeguarding business information
Security policies and training
People are still the weakest link in information security: employee negligence or wrongdoing is among the most common causes of security breaches.
- Make sure you have formal information security policies in place; train your employees to know the policies well and follow them rigorously.
- Limit the number of people who handle confidential documents. Be careful when hiring new employees. Perform full reference checks and, where warranted, ask your new hires to sign confidentiality agreements.
- Demonstrate a top-management commitment to the total security of your business and customer information.
Information security strategy
- Conduct a periodic security audit.
- Develop a comprehensive strategy to manage unique security risks; target both paper-based and electronic information sources.
- Identify security loopholes at every stage of the information cycle, from data generation and storage to the transfer of data from location to location and eventually to document destruction.
- Make sure business practices are fully compliant with national identity theft legislation.
- Hire a reliable vendor that is well-informed and keeps you compliant with pertinent legislation, training requirements, etc.
Paper-based information sources
A number of security breaches can be traced back to mishandled, lost or stolen paper documents.
- Eliminate these risks by introducing a “shred-all” policy, under which all unneeded documents are fully destroyed on a regular basis.
- Don’t deposit unneeded documents in unsupervised areas; ideally, introduce special locked consoles instead of the blue recycling bins.
- If you don’t have the resources to implement a secure document destruction program, work with a reliable third-party vendor.
- Ask to view your vendor’s document destruction process.
- Make sure the vendor has a reliable shredding methodology and special equipment, such as locked shredding consoles and powerful shredding machines.
- Request a document certifying that your unneeded documents have been securely destroyed.
Electronic information sources
- Don’t overlook hard drives on computers or photocopiers. Erasing your hard drive does not mean that the data is gone. Physical hard drive destruction is proven to be the only 100% secure way to destroy data from hard drives permanently.
- Have up-to-date and effective computer network protection, including anti-virus software and a firewall.
- Make sure employees set up strong computer passwords, and ensure they are changed regularly.
- Instruct your staff not to leave computer screens with sensitive business or customer information unattended.
Shred-it is a world-leading information security company providing document destruction services that ensure the security and integrity of our clients’ private information. The company operates 140 service locations in 16 countries worldwide, servicing more than 150,000 global, national and local businesses, including the world’s top intelligence and security agencies, more than 500 police forces, 1,500 hospitals, 8,500 bank branches and 1,200 universities and colleges. For more information, please visit www.shredit.com.
About Fraud Prevention Month
March is Fraud Prevention Month. This campaign is led by the Competition Bureau, with the participation of over 80 private sector firms, consumer and volunteer groups, and government and law-enforcement agencies. Together, they form the Fraud Prevention Forum, which works to prevent Canadians from becoming victims of fraud.
Strategic Communications Specialist
On behalf of Shred-it