TORONTO, Oct. 13 - As the 29th annual Small Business Week in Canada approaches, information security organization Shred-it is offering advice to small businesses to help minimize their exposure to fraudulent activities.
While certain types of fraud such bin-raiding or check fraud have been well-documented, falling victim to other, less well-known types of fraud can be equally, or even more devastating for a small business. Photocopier fraud for example, which can occur if the vendor of a previously -owned machine fails to wipe images automatically stored on the hard drive, is a growing concern among business owners and privacy officials.
"Small businesses often run the highest risk of falling victim to fraudulent activity," says Michael Collins, Vice President Sales, Shred-it Canada. "Aside from the potentially crippling high costs of a data breach, SMBs may have no formal information security strategies, policies and procedures in place. They may also have limited access to the legal resources needed to keep them compliant with the increasingly complex legislative and regulatory requirements related to privacy protection and identity theft and fraud."
Recent Research from the Association of Certified Fraud Examiners has shown that fraudulent activity hits smaller businesses harder than larger organizations - those with fewer than 1,000 employees lose an average of $150,000 per fraud case, while larger companies lose $71,000. Yet despite these statistics, Shred-it's own customer research shows that just 68 per cent of organizations have official guidelines for document destruction.
"No business wants to expose itself to fraudulent activity," adds Collins. "From auditing your current procedures to implementing a secure document destruction policy, there are a number of simple and cost effective steps that small businesses can take to address security risks and protect valuable information".
An example of a small organization that deals with confidential data on daily basis is the Community Care Access Centre (CCAC), an organization that facilitates connections between local residents and home and community care options, covering Ottawa and the Champlain region,. The CCAC has a main office in Ottawa and more than 10 branches in the Champlain area. The organization constantly deals with sensitive personal and medical information of the people they serve, consequently requiring a comprehensive shredding service to keep that information from falling into the wrong hands.
"Shred-it plays an important role for us," says Ann Buchanan, Manager of Records and Interim Privacy Officer. "We have clients' confidential information and we must treat it appropriately; it's just common sense."
To assist small businesses with safeguarding their information, Shred-it has developed a number of easy-to -follow tips, outlined below.
Shred-it's tips for safeguarding small business information
Security policies and training
People are still the weakest link in information security: employee negligence or wrongdoing is among the most common causes of security breaches.
- Make sure you have formal information security policies in place; train your employees to know the policies well and follow them rigorously.
- Limit the number of people who handle confidential documents. Be careful when hiring new employees. Perform full reference checks and, where warranted, ask your new hires to sign confidentiality agreements.
- Demonstrate a top-management commitment to the total security of your business and customer information.
Information security strategy
- Conduct a periodic security audit.
- Develop a comprehensive strategy to manage unique security risks; target both paper-based and electronic information sources.
- Identify security loopholes at every stage of the information cycle, from data generation and storage to the transfer of data from location to location and eventually to document destruction.
- Make sure business practices are fully compliant with national identity theft legislation.
- Hire a reliable vendor that is well-informed and keeps you compliant with pertinent legislation, training requirements etc.
Paper-based information sources
A number of security breaches can be traced back to mishandled, lost or stolen paper documents.
- Eliminate these risks by introducing a "shred-all" policy, when all unneeded documents are fully destroyed on a regular basis.
- Don't deposit unneeded documents in unsupervised areas; ideally, introduce special locked consoles instead of the blue recycling bins.
- If you don't have the resources to implement a secure document destruction program, work with a reliable third-party vendor.
- Ask to view your vendor's document destruction process.
- Make sure the vendor has a reliable shredding methodology and special equipment, such as locked shredding consoles and powerful shredding machines.
- Request a document certifying that your unneeded documents have been securely destroyed.
Electronic information sources
- Don't overlook hard drives on computers or photocopiers - Erasing your hard drive does not mean that the data is gone. Physical hard drive destruction is proven to be the only 100% secure way to destroy data from hard drives permanently.
- Have up-to-date and effective computer network protection, including anti-virus software and a firewall.
- Make sure employees set up strong computer passwords, ensure they are changed regularly.
- Instruct your staff not to leave computer screens with sensitive business or customer information unattended.
Shred-it is a world-leading information security company providing document destruction services that ensure the security and integrity of our clients' private information. The company operates 140 service locations in 16 countries worldwide, servicing more than 150,000 global, national and local businesses, including the world's top intelligence and security agencies, more than 500 police forces, 1,500 hospitals, 8,500 bank branches and 1,200 universities and colleges. For more information, please visit www.shredit.com.
For further information:
Strategic Communications Specialist
On behalf of Shred-it