March 24, 2016

Internal Fraud: Where to Find ‘Hidden’ Workplace Vulnerabilities

Easter egg hunts are a fun tradition at this time of year. But in the workplace, it’s more important to look for 'spots' that increase data vulnerability.

The typical organization loses about 5% of revenues each year to occupational fraud, according to the 2014 Global Fraud Study by the Association of Certified Fraud Examiners (ACFE). The median loss is $145,000, and almost 25% of cases lose at least $1 million.

Here’s where to find common workplace vulnerabilities – and what to do about them.

Paper in Printers

Quocirca research showed that over 70% of organizations have experienced a print-related data breach.

The average office worker still handles about 10,000 sheets annually. But according to Ponemon Institute, less than 10% of a company’s data security budget is spent on protecting paper documents, putting them at risk for internal fraud.

What’s most worrisome is when confidential documents are left in printers and photo copiers – and insider fraudsters get their hands on them. 

What to do: Implement a secure printing strategy that includes pull printing so print jobs are released only to authorized users. Use reminder posters in common areas. Partner with a document destruction company so the hard drives of all office equipment including printers are physically destroyed at end of life (just erasing them is not a guarantee that data is destroyed).

Open Recycling and Waste Bins

One of the places paper documents are most at risk to information thieves is in a trash bin, according to the 2014 Security of Paper Records & Document Shredding report by Ponemon.  

Unfortunately, the 2015 State of the Industry Report by Shred-it showed that both large and small organizations need to improve their document storage and disposal protocols.  

What to do: Encourage electronic documents whenever possible. Use a document destruction company and replace open bins with locked consoles for documents that are no longer needed. Implement a Shred-it-all Policy to eliminate employee error.  

Messy Desks

Papers, post-it notes, and other information in full view on desks and screens all pose security risks.

What to do: Implement a Clean Desk Policy so information is secured at all times. Partner with a document destruction company so the document disposal is seamlessly embedded into the workplace.

IT Devices

When employees save information on IT devices and take them home, there is an increased risk of a data breach.  

Plus, the 2015 Shred-it Security Tracker showed that 37% of businesses surveyed have never securely disposed of USBs.  

What to do: Stipulate that employees take home only the information that is absolutely necessary. Use a storage device sign-out process. All storage devices must be securely destroyed when they reach end of life.

Mobile Workforce

A recent BT Americas study revealed that mobile security breaches have affected 68% of global organizations in the last 12 months. Most mobile devices contain confidential data.

A 2015 IDC forecast showed that by 2020 the U.S. mobile worker population alone will account for 72.3% of the workforce – but only 20% have received information security training on the security of mobile content access and management.

What to do: Train employees on cyber security best practices. Offer ongoing support including an app ‘store’ for approved mobile device applications.   

Not overlooking these obvious workplace security vulnerabilities will help prevent occupational fraud.