Shred-it, as a member of the Canadian Fraud Prevention Forum, has identified five everyday paper documents that – if disposed of improperly – can undermine the information security of an organization and its employees, and increase the risk of fraud.
A typical organization generates about 1.5 pounds or almost 0.7 kg of wastepaper per employee each day1. This includes formal business records, like legal and tax paperwork, as well as everyday paper items. These everyday documents can contain highly confidential and sensitive information, but are often overlooked in data protection strategies and are not disposed of properly. The loose records and papers that tend to linger around workstations and offices can subject organizations to fraud and individual employees to identify theft. It’s key for businesses of all sizes to recognize that information security risks can originate from a variety of paper documents.
“The first step in protecting your business from the significant financial, legal and reputational damage fraud can cause is to understand all the areas of vulnerability within your organization,” says Kevin Pollack, Senior Vice President, Shred-it. “If sensitive information is unintentionally left available to fraudsters, an organization can be exposed to serious information security issues, and the potential for fraud – at both the organizational and individual level – significantly increases.”
With the shift towards online storage and a “paperless office”, the majority of fraud prevention and data protection strategies focus on protecting digital information. Yet, purging the office of all sensitive and unnecessary paper and records is an important component of a successful fraud mitigation strategy and will protect your business’ customers, employees and reputation.
To help businesses embed document management best practices into employee behaviour and encourage frequent document destruction, Shred-it has identified “Five Everyday Documents” that should be shredded to reduce the risk of fraud:
- Shipping Labels – In an attempt to be environmentally conscious, it is standard practice for businesses to break down delivery boxes for recycling. One step that is often forgotten is to remove the address label from the package, which can potentially include the business address, tracking codes, work orders or account numbers. When breaking down boxes or packages, businesses should remove and securely dispose of the address label.
- Receipts – Business professionals often have the opportunity to expense client lunches or business necessities paid for out-of-pocket. The receipts associated with these expenses, which contain personal and/or corporate financial information, are often left on desks and easily accessible to fraudsters. Once submitted to the accounting department or recorded on client invoices, receipts should be shredded.
- Printed Presentations – While the majority of presentations are developed and delivered digitally, many employees still provide hard copies to clients or colleagues. This tendency can result in an unnecessary number of printed documents floating around the office, which can put an organization at risk if the presentation includes sensitive informative.
- Resumes – It is common for Human Resource professionals to print candidates’ resumes during the hiring and interview process. The information found on a resume not only includes personal contact details, but a record of previous employment, academic history and participation in any committees or organizations. All printed resumes should be kept in a secure, locked location or stored digitally in a password-protected file. Once resumes are no longer needed they should be destroyed.
- Boarding Passes – According to cybersecurity experts, fraudsters are able to read the barcodes on boarding passes and gain access to passengers’ contact information, future travel plans and frequent flyer accounts2. Travellers should be careful not to leave paper versions of their boarding pass in public areas or in their seat pocket. Use an electronic boarding pass on your phone or shred the paper copy following your flight.
In the hands of fraudsters, the personal and professional information found on a wide range of seemingly harmless slips of paper can open up your organization and your employees to fraud. To help mitigate this risk and educate employees on their roles and responsibilities for data protection, business leaders should train employees on how to properly handle paper documents and encourage frequent destruction of documents. Additionally, implementing information security programs like a Shred-it All Policy and a Clean Desk Policy eliminates the guesswork of what is and isn’t confidential and ensures employees don’t accidentally leave confidential information in an unsecure bin. As an added environmental benefit, all shredded material is recycled.