In an environment where keeping sensitive documents is continuously being compromised, it is important to have protocols in place that will alleviate ID fraud and document breaches. While training employees on how to handle important documents is a priority, businesses must use additional methods to ensure the safety and security of their information.
There are a number of office products on the market that can assist in helping secure confidential documents. Although technology has introduced a new level of protection, there should be manual procedures in place for those paper documents that cannot be electronically secured. Here are a few tips for keeping your business documents secure:
One of the most effective ways to ensure sensitive documents are completely destroyed is by shredding them. Employing procedures that include shredding documents, especially those of a financial nature, can help avoid data breaches and sharing employee information. Never take a chance by throwing these items into a wastebasket – the risk is too great.
When you have a number of similar documents on hand, stapling them together can be an effective method before placing them into a locked box or secure cabinet. Once you have properly classified your documents, stapling them will ensure some protection, but only if the documents will be placed in a secure location.
Many businesses use the notebook system and hole-punch documents. If this system is employed, make sure the notebooks are kept under lock and key, and are colour-coded to delineate what type of document can be found in which notebook.
Other protocols to follow:
• Make sure employees have accountability procedures in place to regulate who handles certain documents. This will help to pinpoint who is responsible in the event of data leaks.
• Always secure any sensitive documents. Do not leave them out on a desk or table, even if stepping away for a few minutes. Carelessness is not an option and could jeopardize the company in a major way.
• When confidential or important documents must be duplicated, have one person designated with the task. This helps with accountability and safety protocols.
Every business should have a manual that outlines all document protection protocols to follow, and each employee should sign to ensure everyone is on the same page. Being proactive and diligent in following the correct methods of document protection can save time and money while avoiding potential disasters.
As the owner of a small business, you control many documents that could expose your identity and many more that could expose the identities of your customers, your business partners and product providers. You have the responsibility to manage these documents properly.
1: Safeguard Long-Term Records
There are a few essential documents that establish the legality and legitimacy of your business. You can keep copies of these on hand if necessary, but originals should be kept in a locked, fireproof safe. Access to this safe should be limited to essential personnel only, including your spouse, business partners, and/or heir.
2: Secure Mid-Term Records
The law requires you to maintain certain records on the premise for a specified length of time, including: financial records, safety records, inspection results, and employment records. These documents should be kept in locked file cabinets with limited access. Select employees should have access as required by the needs of your business, but the number should be limited and a lock should be used. The documents you need to maintain and the length of time you need to maintain them will vary depending on the nature of your business.
3: Shield Short-Term Records
As a function of your business, there are records and documents you will produce on a regular basis that must be maintained for a short period of time. Work orders and shipping receipts are good examples. These records should be kept in a monitored area because they need to be accessed by employees, but they also include identifying information. Ideally, monitoring should include in-person attendance as well as security camera monitoring. These records should be sorted daily. Those records that must be kept should be secured as mid-term records. Those that do not need to be kept should be discarded.
4: Shred Disposable Documents Daily
After short-term records have been sorted, you should have a stack of documents that should be discarded. These documents may include personal identification information, even if they do not need to be kept. All of these records should be shredded to maintain the security of personal or professional identifying information.
5: Shred Disposable Records Monthly
Mid-term records should be cycled out on a monthly basis. This prevents wasting space to store documents that are no longer necessary. These documents contain sensitive information and should be shredded immediately, and shredded document material can be recycled. If you take these precautions, you can limit the opportunity others have to misuse sensitive information involved in the practice of your business. It takes time, but it’s worth it to know that you’ve done everything you can to protect yourself, your employees, and your customers.
Shredding documents takes time, but it’s an important step you can take to protect your privacy and your identity. Here are ten reasons a document should be shredded:
1: Your personally identifying information is on the document.
This includes your name, address, telephone number, or e-mail address, as well as social security or pin numbers. Any of this information can be used to piece together a stolen identity.
2: Your account information is on the document.
This includes complete or partial account numbers, account address or e-mail address, pin numbers, and recurring payment information. Any of this information can potentially be used to make fraudulent charges on an account.
3: Your business information is on the document.
This includes your business tax ID number, your social security number, your business address or telephone number (which may be used as an account number), pin numbers, or account numbers. Any of this information could be used for ID fraud or to make fraudulent charges on business accounts.
4: Your payment information is on the document.
This includes routing numbers, account numbers, credit card numbers, or an e-mail address (if paid via an online payment system). Any of this information, including partial information, can be used to make fraudulent charges.
5: Your security system information is on the document.
This includes the pass code you use to shut down your security system electronically, the password you use to shut down your security system orally, or any information that may be used to access these details. These codes could be used to disable your security system without your authorization.
6: Your computer passwords are on the document.
This includes the password to access your computer, laptop, or smartphone and the passwords you use for specific websites and online accounts. While it is difficult to remember all the passwords we need, this information should be stored securely.
7: Personal information identifying someone else is on the document.
This includes name, address, telephone number, and e-mail address, as well as social security or pin numbers. It is especially important to protect the identities of children, because their identities can be stolen for years before anyone notices.
8: Someone else’s account information is on the document.
If you do business with someone else and produce or use an account number to complete a transaction, then these documents should be secured as long as they are needed and then shredded. Otherwise, someone could use this information to make a fraudulent transaction.
9: The document contains a transaction history.
If a document contains a transaction history, then it can be used to make fraudulent transactions more difficult to recognize, because the transaction history can be modified in smaller increments.
10: The document contains private information that should not be publicly disclosed.
This includes sensitive information that someone wants to keep confidential, including medical information, personal letters, and diary entries.
Identity thieves are out there and can threaten your privacy and peace of mind. It’s time to shred away the risks, and use these ten reasons when determining which documents should be shredded.
In the US events known as “Shred-A-Thon” are taking place up and down the nation. The concept is simple; take your personal, sensitive or confidential documentation to a central point and join others in a mass shred! There is something cathartic and social about the programme in a land where identity theft has a much greater profile than here in Europe.
We can’t lay claim to the idea but we what about this for a twist! In a recent article (see Rexel News: How Safe is your Business?) we discussed the size of the identity theft issue here in Europe and commented that the starting point for effective action is awareness amongst all staff, not just senior management. Why not try a Shred-A-Thon?
What is a Shred-A-Thon; at its simplest it is an awareness day (or period) linked to positive group action. Use your internal communication channels to raise awareness of corporate fraud and identity theft issues; intranet, email, posters by the coffee machine. Then set aside a lunchtime, put on some catering and invite staff to bring both company confidential and personal documents to a central location (the staff restaurant, conference room, break out area) for a public shredding.
The benefits; you will ensure that one batch of sensitive material is properly destroyed. You will raise the awareness of identity theft within your organisation and start a new behaviour towards the destruction of documents. You can even use it to launch a comprehensive review and proactive strategies.
In the last of our features on the “Top 14 Financial Frauds of All Time” we turn our attention to “The ZZZZ Best Cleaners” (1986)
Barry Minkow became the new darling of Wall Street when he floated his cleaning company on the US stock market. Shares in ZZZZ Best experienced a meteoric rise creating a company with a market capitalisation of $200 million. Unfortunately, ZZZZ Best, originally funded through a series of credit-card thefts didn’t have any contracts and very few assets. It was in short an elaborate hoax. Once discovered the stock dropped to zero, investors lost their money and Minkow lost his liberty. Lest you mock; Minkow’s time at the top earned him a guest spot on the Oprah Whinfrey show, the ultimate in American endorsements.
How many times have you let your credit / debit cards out of your sight in a restaurant or shop? What do you do with the paper receipts, carbons and credit card statements?
The trend towards recycling whether residential or in business has potentially given rise to an increase in identity theft. Whether it is the curb-side recycling bins outside your home, or specific re-cycling areas within / outside business premises, in town centres or other public places, the drive to sort the rubbish and place it in categorised containers means that the job of the identity thief has just got easy. Without realising what we are doing we are collecting together all the “good stuff” and it is no longer mixed-in with the soiled rubbish.
How do you dispose of the following: –
• Travel records
• Credit card statements
• Pre-approved credit offers
• Tax information
• Pay stubs
• Bank & Financial statements
• Personal contact, Employee, customer, supplier details
• Strategic planning information
Looking after the environment is a good thing, however sometimes well intentioned actions have un-intended consequences. Using a shredder prior to disposal is your key weapon against identity theft and the resulting pieces are easy to mulch!
In the third of our features on the “Top 14 Financial Frauds of All Time” we turn our attention to my personal favourite; “The Eiffel Tower Sale” of 1925
This scam involved “Count” Victor Lustig who created a false identity for himself that authorised him to sell the Eiffel Tower for scrap. Lustig then did just that, securing bribes from two companies worth over $200,000 to scrap the famous Parisian landmark. Once he had the money he left France, returning to the USA with the proceeds. Many will see this story as humorous and the good “Count” as a loveable rogue. However many people fall victim to this form of identity theft. No-one is exempt; From the grandmother answering the door to the would be sales person to Sven-Goran Eriksson (former England football team manager) and the North Korean government, both of whom recently fell prey to the same mining scam.
This form of fraud often results in financial loss, credit rating issues and misery as the victim tries to correct the resulting mess. Always thoroughly check the identity of someone you don’t know before entering into any arrangement that makes you vulnerable to fraud.
For many buying a paper shredder can be a confusing business. There is bin size, number of papers a machine can shred in a single go and then there is the security level. The first two are really about convenience and the number of shared users but shredder security can be a really key issue.
Identity theft is on the radar of the world’s legislators; US legislation obliges anyone employing one person or more to look after sensitive information. Failure could incur fines and leave the individual or company open to being sued. In Europe the relevant EU Directive dates back to 1995 and mandates a framework of protection for personal information. In the UK, failure to treat sensitive data correctly can result in a fine up to £500,000 and if operating in sensitive sectors there are more stringent penalties.
Paper shredders are given a security grading based on the type of cut used in destroying a document. The grading starts at S2, a ribbon cut for general day to day shredding of non sensitive documents. S3 machines give a confetti cut suitable for personal / strategic information. S4 machines provide a micro cut for highly confidential information such as financial data, personnel records etc. Finally S5 shredders deliver a super micro cut providing a security level for top secret or highly confidential information, e.g. government or military data.
Deploying shredders in key locations around your business is an effective destruction strategy. Rexel offers a comprehensive range of paper shredders from S2 to S5 security levels.
In this blog we have been offering opinion on the issues associated with identity theft and advice to business and individuals on appropriate mitigating actions. Despite our heightened awareness of the issues there was still a feeling that identity theft happens to someone else. That all changed on 9th June when someone rang the office of ACCO Brands’ Chairman and CEO in the USA claiming to be ACCO’s European Senior Vice President of Marketing and requesting personal contact details of a former senior employee of the company. Fortunately the chairman’s secretary, who has met the individual in question, was sufficiently suspicious and requested the support of a European PA to validate the identity of the caller. This action quickly established the call as a crude attempt to impersonate a member of the ACCO Brands team and a potentially damaging situation was averted.
In a recent article, written for the magazine European CEO entitled “How Safe is Your Business”, we outlined 6 actions designed to reduce the risk of falling prey to identity theft and corporate fraud. They are –
Always verify the identity of customers, suppliers, business partners and employees
Review online security arrangements; a firewall and wireless encryption are simple steps. More complex businesses dealing in eCommerce will need to consider secure payment systems and compliance with local legislation around the handling and storage of customer details.
Review all your information, not just paper-based. Think about all the data held by various departments whether in files, on PCs, etc.
Classify the data, e.g. general, sensitive and confidential.
Define how each classification should be stored, accessed and destroyed.
Never allow company information (even seemingly innocuous things like company letterheads) to be thrown in the bin.
The first action can seem trivial but as our recent experience demonstrates one can never be too careful! Identity theft is a serious and growing issue and the consequences can be very damaging. Take action now to reduce your risk of falling prey to the fraudsters!
Consumer insight doesn’t just apply to new product development. At Rexel we try to use insight in everything we do. So what lies behind the recent launch of the competition “My Fantasy Stapler”?
Our research has revealed some fascinating facts; most office workers regard their stapler as just that – theirs! There is an attachment to the product that can become very protective. During the recent recession many staplers were taken home by staff made redundant because they believed them to be personal property. The fascination with the stapler doesn’t end there though. Many people customise the product; we have a dedicated Leicester City supporter in the office and his stapler proclaims his allegiance.
My Fantasy Stapler is a celebration of the special bond between the user and the product. The competition invites users of stapling equipment to indulge the bond and use their imagination to create a customised stapler that is way beyond the norm. Introducing the social media Facebook and Twitter provides a voting platform leading to the award of the prizes; Samsung Galaxy Tab. Why not test your imagination and get your friends to vote you a Rexel “My Fantasy Stapler” winner?
Rexel has a full range of stapling and punch equipment and has just launched a new range of easy on the hand, low force staplers.