March is Fraud Prevention Month, and it marks the perfect time to analyze how well your company is protecting itself from security risks and breaches that could potentially lead to fraud. Beginning in 2004, the Fraud Prevention Forum has organized and promoted Fraud Prevention Month, aimed at increasing awareness and education about the issue of fraud in Canada.
The latest statistics illustrate just why fraud prevention needs to be a top priority. According to a study by Javelin Research, identity theft is one of the fastest growing crimes in North America. The study found that in 2009, identity theft affected 11.2 million consumers, with a price tag of nearly $54 billion. This number marks a huge increase from 2008, where 9.9 million people were affected with a cost of about $48 billion.
What’s more, a 2010 TD Canada Trust survey showed that 40% of Canadians surveyed say they are 'very' or 'extremely' concerned about becoming a victim of fraud in the future, and 33% of Canadians feel they have been a victim of debit card or credit card fraud in the past. Yet, Shred-it’s own research showed that 6 out of 10 companies are failing to comply with basic security practices!
With these sobering numbers in mind, what should you be doing to protect your company from fraud? We’ve classified our prevention approach into four categories:
- Security policies and training. People, whether negligent or intentional, continue to represent the greatest risk when considering workplace security:
- Develop formal information security policies and train employees on how to follow them.
- Limit access to confidential documents and the number of people who handle them.
- Show employees that security is a company-wide initiative by management leading by example.
- Information security strategy. With risks and threats continually evolving, it is important to have security best practices in place that:
- Call for regularly-scheduled, periodic security audits.
- Identify any loopholes or vulnerabilities with the information lifecycle, particularly data storage, transfers and destruction.
- Pay attention to unique security risks within your business model, examining both electronic and paper-based information.
- Emphasize building vendor relationships with companies that understand your risks plus best practices and legal compliance.
- Electronic information sources. Websites, networks, emails, software and hardware all present opportunities for security lapses:
- Install and update firewalls, anti-virus software and network protection on all computers.
- Ensure employees use strong passwords that are changed regularly.
- Generate individual user accounts for each employeeso each employee can be held accountable for his or her actions on various networks and activity within sensitive files.
- Paper-based information sources. Printed documents containing confidential information pose a tremendous security risk if they are mishandled, lost or stolen so it is important to:
- Store documents that are no longer needed in secure, locked consoles until they are destroyed.
- Implement a “shred-all” policy so that your employees do nothavetodecide which documents contain sensitive information. Instead, all documents are securely destroyed on a regular schedule.
- Examine working with a reputable document shredding provider if sourcing document destruction in -house is not a viable option.
If these guidelines and tips have made you curious about how your business currently stacks up in terms of its overall information security, please take Shred-it’s online self-assessment survey
. With a better idea of how to examine your business for security loopholes, you’re now on your way to identifying the gaps and taking steps to correct them. Additionally, enlisting the help of a security professional such as Shred-it can be a great way to elevate your company’s security – and contribute to making Fraud Prevention a reality.