Despite a shift towards online storage and the growing popularity of the “paperless office,” paper documents continue to be prevalent in Canadian workplaces. More than half of Canadian C-suite leaders and small business owners (58 per cent and 59 per cent, respectively) believe that the volume of paper they use in their organization will either stay the same or increase in the next year, according to the Shred-it 2017 Security Tracker Survey.
The survey also found that the majority of Canadian businesses have policies in place to ensure formal business documents — such as legal, financial and tax records — are securely stored and destroyed. But all too often organizations overlook everyday paper items in their data protection strategies. These seemingly harmless sheets and slips of paper that accumulate on desks, in open recycling bins and by the printers can contain highly confidential and sensitive information that could subject an organization to fraud.
A simple and cost-effective fraud prevention technique is to implement a clean desk policy, which requires all documents to be stored in locked filing cabinets when employees are away from their desks. This policy not only reduces an organization’s risk of fraud, but also encourages employees to declutter often and fosters an appreciation for the importance of information security.
In order to have a truly effective fraud mitigation strategy, business leaders need to understand all points of vulnerability within their organization. It’s key for businesses of all sizes to establish information security policies that apply to all sources of fraud or identity theft — including unexpected, everyday paper documents.
Points of vulnerability
Consider this: An employee receives a package at the office, removes the contents, breaks down the shipping box and tosses it into the recycling bin. But what about that shipping label still stuck on the box that’s now in an unsecured bin? Beyond the company address, shipping labels can potentially include tracking codes or account numbers. This information — especially if it’s combined with other information a fraudster may have gathered about the organization — presents a “hidden” security concern that can expose employees or the company to risk.
PowerPoint presentations are another commonly encountered example of risky everyday documents. While presentation decks are typically developed and delivered digitally, there’s still a tendency to print and distribute hard copies to clients, customers or colleagues. Slide decks can be a prime source of sensitive information about an organization’s finances or intellectual property and there is no way to monitor these printed decks once distributed.
Receipts, resumes and boarding passes are other examples of unexpected — and often overlooked — sources of sensitive information that can leave employees or an organization vulnerable to fraud if misplaced.
Deployment and enforcement
Consider the following questions when rolling out a clean desk policy in the workplace:
What does a clean desk policy look like in practice?
On a daily basis, employees should follow the “three p’s of office organization”: plan, protect and pick up. Employees should start each day with a few minutes of planning to organize the documents needed and file the documents not needed. Then, whenever employees step away from their desk, they should take a look to see if any of the papers left out contain sensitive information. If so, they should place the documents inside a folder out of sight. Lastly, when employees leave in the evening, they should file all documents or lock them up. As an added benefit, the office will be tidy first thing in the morning!
How does an organization roll out a clean desk policy?
Start at the top, by having senior managers follow and promote the policy. Also put it in writing, making clear instructions available to employees on how to follow the policy and why it’s important. Recognize too that an organization simply can’t have a clean desk policy if employees have nowhere to securely store documents. Consider purchasing small, lockable storage boxes that fit under desks.
How does an organization enforce a clean desk policy?
Post signs in key areas of the office reminding employees to follow the policy and appoint a manager from each department as monitors to check everyone’s desk at the end of the day. Keep track of employees who don’t follow the policy, creating and using a desk tent or a door hanger with a reminder that they left sensitive documents on their desk. Come up with creative rewards for employees who follow the clean desk policy — for example, a contest between departments.
To complement a clean desk policy, organizations should consider implementing a shred-it all policy. This policy eliminates the guesswork of what is and isn’t considered confidential by requiring employees to shred all documents. All shredded paper is then recycled, adding an important environmental benefit.
Canadian organizations must remember to be vigilant about document security and keep in mind that everyday paper documents — if disposed of improperly — can put individuals and businesses at risk of fraud. Deploying a few simple, yet effective, information security policies can go a long way towards ensuring businesses protect their customers, their reputation and their people.
Kevin Pollack is senior vice president of Shred it. In his role, Kevin focuses on excellence in sales, marketing and customer experience. He has a passion for service line enhancement, driving growth and commercial strategy.