Preventing corporate fraud is 10% luck, 90% good practice. In other words, we can’t avoid corporate fraud by crossing our fingers and hoping for the best. A business can – and should – take decisive measures to protect itself. And it’s not just big corporations that have to stay wise; according to Action Fraud, SMEs lost £18.9 billion to corporate fraudsters last year.
The bad news is simple: this threat won’t go away on its own. But the good news is that companies can take a series of very simple, but very effective, steps to help protect businesses and employees alike. And what’s the golden rule? To look after your documents.
Whether it’s a hard copy or a digital file, a document circulating in a business context will almost always have sensitive information of one kind or another. And even if one email or invoice might not represent much of a threat, an accumulation of these can quickly become valuable – and desirable to fraudsters.
There are six key features of responsible document management:
- Retention schedule
Clearly label documents by the information they contain, how long they need to be kept on file, and the date when documents can be destroyed. Use a simple and consistent method, so staff throughout the organisation can get on board.
If you have a system for labelling the relative sensitivity of different documents, this can also be used to help you decide where they’re stored, as well as for how long. Whether this is in cloud services, hard drives or paper archives (or most commonly, in all three), develop a system that balances accessibility with security. After all, if you and your staff are expected to navigate countless passwords throughout their working day, that won’t necessarily encourage good practice.
- Workplace policy
Every place of work should have an Information Security Policy, with company-wide support. This will normally include features such as a Clean Desk Policy and a Mobile Workforce Policy. To find out more about fraud-prevention practice, you may want to start by exploring the Cifas website.
All documents should be reviewed and rated for how sensitive the information they contain might be. Then, limit access to personnel who need the information to do their jobs. And there should be confidentiality agreements with vendors, suppliers and employees.
- Document destruction
It might sound a bit drastic, but shredding is hard to beat as a reliable security measure. Your shredding services provider should have a secure chain of custody that includes locked containers, on or off site shredding, and a ‘Certificate of Destruction’ for legal proof after every shred. Consider a shred-all policy so all documents that are no longer needed are securely shredded. This removes any risk that employees might make the wrong decision about whether or not information needs to be destroyed. Speak to the document destruction company about e-media and hard-drive destruction, too.
All companies that handle confidential information should be aware of new, revised and existing privacy laws and legislation that pertain to their industry. Safeguarding information is important, but there are also regulations regarding how long certain information must be kept on file.
In conversations about corporate fraud, you might hear the old saw that, whatever steps you take, criminals will find a way to stay one step ahead. But that’s what fraudsters want you to think – that security is out of your hands. It isn’t, as long as you grab hold of it.
About the Author
Joseph O’Brien writes to raise awareness of fraud and document shredding for KN Office Supplies.