No Organization is Immune: Fraud Can Have a Lasting Effect on Any Company

TORONTO, ONTARIO--(Marketwire - March 7, 2013) - Despite the growth of fraud across organizations of all industries and sizes, many may still not see themselves as a potential target. Though fraud may be dismissed as something that affects a certain type of company, the reality is that there is no "typical" fraud victim. In recognition of Fraud Prevention Month, Shred-it, a world-leading information security company wants to help organizations of all types recognize their susceptibility to fraud and identify safeguarding methods.

The 2012 Shred-it Information Security Tracker revealed that 57 per cent of businesses both large and small felt that if data from their company was lost or stolen, it would not seriously impact their business. As high-profile instances of fraud generally receive the most widespread attention, many businesses may infer they are not a target for fraud and be less vigilant with securing their information as a result. This may be the case especially with small businesses. In fact, the 2012 Shred-it Information Security Tracker showed that almost two-thirds (61 per cent) of small businesses don't believe a data breach would have financial and reputational damage to their business.

"While organizations might assume fraud won't happen to or affect them, it is a real and all too frequent risk that could be detrimental to any organization, whether it be a company of five or 5,000," says Bruce Andrew, Vice President, from Shred-it. "No organization is immune and each company should be aware that the consequences to their reputation and bottom line can be costly and long-lasting."

In a report released in 2012, the Certified General Accountants Association of Canada found that workplace fraud is costing Canada's small and medium enterprises (SMEs) at least $3.2 billion annually and has a negative impact on employee morale. About 290,000 SMEs reported being victims of fraud in the workplace. As much as there is no typical fraud victim, there is also no standard method of fraud. Businesses may experience fraud resulting from a cyber-attack, have data recovered from an old hard drive or have proprietary materials lifted from a sensitive document placed in a recycling bin. What's more, fraud may be committed by either an external or internal source.

The first step in fraud prevention starts with being proactive. Businesses should consider the following questions to evaluate their potential for being affected by fraud:

• Does everyone in the organization know the information security policy? - If the answer is "no", reconsider how the policy is being communicated as well as how frequently it is being shared with staff.
   
• When was the information security policy updated? - Conduct a regular audit of the policy to ensure it evolves alongside new technologies and practices, such as the shift towards cloud computing and the "Bring Your Own Device" trend.
   
• Are any employees working remotely or on-the-go? - Consider a specialized policy for mobile workers when sensitive materials are taken off the premises. Ensure paper documents are kept in a safe place until they can be securely shredded and that all flash drives are being properly encrypted to prevent a loss of data.
   
• How are aging or obsolete electronic devices being disposed? - Unless a device is crushed and fully destroyed, fraudsters may be able to recover data from devices ranging from hard drives to smartphones. Simply erasing or degaussing a device does not ensure the materials couldn't be recovered down the line. The 2012 Shred-it Information Security Tracker revealed that only 16 per cent of Canadian businesses are ensuring their devices are fully crushed.
   
• Make sure business practices are fully compliant with national identity theft legislation - It is essential that businesses of all sizes are aware of the legal requirements concerning the storing, keeping or disposing of confidential data. If an organization were to be found liable after suffering a data breach, there could be serious repercussions.
   

"Potentially sensitive information from any given organization is being made available in more locations and on more devices than ever before," says Andrew. "Fraud Prevention Month is a great reminder to organizations of the crucial importance of recognizing that they are susceptible to fraud and to take the necessary proactive steps to reduce their likelihood of becoming a victim.

For more information on fraud prevention, please visit the Resource Centre on www.shredit.com.

About Shred-it

Shred-it is a world-leading information security company providing document destruction services that ensure the security and integrity of our clients' private information. The company operates 140 service locations in 16 countries worldwide, servicing more than 150,000 global, national and local businesses, including the world's top intelligence and security agencies, more than 500 police forces, 1,500 hospitals, 8,500 bank branches and 1,200 universities and colleges.