It’s Fraud Awareness Week.
Is Your Information Secure?
The Art of Fraud
The wisdom of scientist John A. Widtsoe’s quote, “Fraud and deceit are anxious for your money. Be informed and prudent.” lines up perfectly with Fraud Awareness Week. No matter what type of valuables you possess, there are people who are intentionally seeking to take them. You can’t just ignore the unpleasant specter of fraud. After all, it is someone’s full-time job to find, steal and benefit from your information. Even if most of your information is on paper and kept secure internally, the information it contains still has the potential to be used illegally.
Between November 13 and 19, 2022, Fraud Awareness Week is here to remind businesses across the globe to ensure their information is secure. To help you evaluate your company’s situation, below are five key questions to ask yourself. The answers might urge you to make some valuable changes to your security practices.
1. Do we have an information destruction policy?
You might assume that your employees are vigilant about protecting information and know what documents should be destroyed, but unless they are guided by policy, they are likely guessing or ignoring information security altogether, creating a major, ongoing risk for your organization.
A predefined information destruction policy will clarify:
- what to destroy
- when to destroy it
- the method of destruction
It should define procedures for both day-to-day documents as well as the lifecycle and final disposition of long-term documents. For instance, implementing a “shred everything” policy for day-to-day documents ensures that no matter what information is on the paper, it will be destroyed so that no information can be retrieved from it. This includes everything from hand-written sticky -notes to magazines with address labels and snail mail marketing.
Long-term documents aren’t necessarily meant to be kept forever. Each type of document has a government-required retention period. Long-term documents include tax information, personnel records, medical records, client information, and more. At the end of their lifecycle, data privacy regulations require that they be and properly shredded.
2. Does our staff re-file documents when not in use?
No two employees will operate the same way, but having a “clean desk” policy places importance on keeping all information secure. Data breaches occur when sensitive documents are left out and unprotected from unauthorized individuals. Multiple studies and sources indicate that the biggest contributing factor to fraud is a lack of internal controls. Leaving documents unattended is a perfect example of an internal control that needs to be tightened.
3. Is information security part of our staff training?
If your employees aren’t clear on the importance and legalities of keeping information private and secure, they will become the weakest link in your chain of custody. Training may include these important security factors:
- Protect information that is confidential. Personally Identifiable Information (PII) must be protected at all times, from the time it is generated until it is destroyed.
- Be aware of—and sure of the identity of—anyone you share protected information with, whether internally or externally.
- Shred all paper documents, no matter their source.
- Lock up documents before leaving the area. Do not leave documents unattended.
- Report any activity that may be fraudulent.
4. Are our paper documents backed up?
Having no backup of your information to use in a crisis can mean the difference between success and bankruptcy. Storing digital backups of your documents digital format is affordable, but the alternative is not. Back up your data regularly and store them in the cloud and, if possible, on physical storage media kept in a secure, offsite location. Have a disaster recovery plan in place and make sure that your staff know how to implement it quickly.
5. Who is destroying our documents?
In-house shredding may seem like a viable option, but consider these fundamental problems with DIY shredding:
- Shredding machines require that employees spend valuable time feeding documents into a shredder, fixing paper jams, and discarding the shredded material. Most employees would rather avoid this and toss documents into the recycle bin instead.
- Discarded material shredded in-house sits in the trash bin or dumpster all together, just waiting to be pieced back together. This is like gold for dumpster divers.
- Where are your discarded documents being stored until they are shredded? If they pile up in open areas, you are running the very real risk of a data breach.
- When you shred in-house, there is no proof you are compliant with data privacy laws. When you partner with a NAID AAA Certified shredding company, you not only benefit from the highest security standards in the industry, but you can also request a Certificate of Destruction for your records in case of an audit.
Richards and Richards is a Nashville’s oldest NAID AAA Certified shredding company, offering a full suite of shredding and destruction services. If you have questions or would like more information about secure shredding, give us a call at 615-242-9600 or complete the form on this page. Our friendly experts are standing by to assist you.