Culture

One simple office policy can help save your organization from fraud

By Kevin Pollack

Do you know how many paper documents your employees produce? Likely more than you think. Despite a shift towards online storage and a “paperless office,” a typical organization still generates about 1.5 pounds or almost 0.7 kg of wastepaper per employee each day, according to RBC, much of which ends up tossed into recycling bins or scattered across office surfaces. But take note: some of the seemingly harmless loose sheets and slips of paper that accumulate on desks, tables and by the printers may unexpectedly put your organization and employees at risk of fraud.

HR professionals follow strict guidelines to protect confidential employee information, such as social insurance numbers or health insurance details. But in order to have a truly effective fraud mitigation strategy at your workplace, you need to cover all your bases. This means establishing information security policies that apply to all sources of fraud or identity theft – including unexpected, everyday paper documents.

Human resources is responsible for handling many resumes from hopeful job seekers. These documents contain a treasure trove of personal information: an individual’s full name, home address, personal email address and professional and academic background. In the wrong hands, this information strengthens a fraudster’s ability to steal an identity.

Take PowerPoint presentations as another example. While presentation decks are typically developed and delivered digitally, there’s still a tendency to print and distribute hard copies to clients, customers or colleagues. Slide decks can be a prime source of sensitive information about an organization’s finances or intellectual property and there is no way to track where these printed decks end up once you hand them out.

Receipts, shipping labels and boarding passes are other examples of unexpected – and often overlooked – sources of sensitive information that can leave employees or an organization vulnerable to fraud if misplaced. For example, fraudsters are able to read the barcodes on boarding passes and gain access to passengers’ contact information, future travel plans and frequent flyer accounts, according to cybersecurity experts.

Human resources professionals must be leaders in establishing a culture of security and shared responsibility in order to ensure that their organization and employees’ confidential information is protected.

A simple and cost-effective way to ensure you cover all your bases in fraud prevention is to implement a clean desk policy in your organization. A clean desk policy ensures that everyone plays a role in information security by keeping their desks clear of sensitive documents. This policy not only reduces your organization’s risk of fraud, but also encourages employees to declutter often and fosters an appreciation for the importance of information security.

Some of the seemingly harmless loose sheets and slips of paper that accumulate on desks, tables and by the printers may unexpectedly put your organization and employees at risk of fraud.

Here are some frequently asked questions to help you implement and enforce a clean desk policy in your workplace.

What does a clean desk policy look like in practice?

On a daily basis, employees should follow the “Three Ps of Office Organization”:

  1. Plan: Start each day with a few minutes of planning to organize the documents you need and file the documents you don’t need.
  2. Protect: When you leave your desk, take a quick look to see if any of the papers on your desk contain sensitive information. If so, place them inside a folder out of sight.
  3. Pick up: When you leave your desk in the evening, file all your documents or lock them up. As an added benefit, you’ll enjoy a tidy office first thing in the morning.

How do I implement a clean desk policy in my workplace?

  1. Start at the top: Make sure to get agreements from your senior managers to both follow and advocate for the policy.
  2. Put it in writing: Communicate clear instructions to employees on how to follow the policy and why it’s important.
  3. Provide lockable storage: You simply can’t have a clean desk policy if your employees have nowhere to securely store documents. Consider purchasing small, lockable storage boxes that fit under desks.

How do I enforce a clean desk policy?

  1. Display reminders: Post signage in key areas of the office reminding employees to follow the policy.
  2. Appoint monitors: Request that a manager from each department check everyone’s desk at the end of the day. Once employees get into the clean desk routine, you may be able to transition to random desk checks.
  3. Keep track: For those employees who don’t follow the policy, create and use a desk tent or a door hanger with a reminder that they left sensitive documents on their desk.
  4. Reward clean desk employees: Use your creativity when coming up with rewards for following the policy. For example, you could create a contest to see which department adheres to the policy best.

To complement your clean desk policy, consider implementing a shred-it policy to eliminate the guesswork of what is and isn’t considered confidential by requiring employees to shred all documents. In addition, all shredded paper is recycled, adding an important environmental benefit.

A few simple, yet effective, information security policies can go a long way towards reducing your organization’s risk of falling victim to fraud. When all employees understand how to better manage and identify information security risks, businesses do a better job at protecting their customers, their reputation and their people. 

 


 

Kevin Pollack is senior vice president at Shred-it.