Keeping personal data safe is a fundamental part of business management because the consequences of identity fraud can be so serious, but many of us feel we’ve heard it all before. We shred all our confidential documents, take care not to leave our credit cards lying around and never answer spam emails. So far, so vigilant. However, while taking any kind of preventative precaution to avoid identity fraud is commendable, there are a whole host of lesser known but equally insidious techniques that scammers have been known to use to obtain personal details, and many of these begin in the workplace.
Some of the items and methods used to gain confidential information include:
CDs and Flash Drives
Making multiple copies of any kind of digital document makes the information less secure, as there is now more than one way it can be accessed. While an encrypted file may be harder for a scammer to crack, a carelessly misplaced USB pen drive or a CD-R entitled ‘Company Docs’ is a perfect target.
This doesn’t just happen in films where the prisoner overpowers the guard, steals their clothes and strolls straight out of jail. A person standing in your foyer wearing a shirt with your company logo may easily gain people’s implicit trust if they aren’t paying close attention.
The photo ID might not match, but the barcode or the magnetic strip may be enough. If staff cards are not deactivated if lost or stolen or when the owner leaves their job then they provide easy access to buildings and locked rooms for anyone who comes across them.
You charged your train tickets for that meeting to the company credit card? Make sure you’ve still got the receipt. This also applies if you are the one issuing the receipts: while the cardholder copy usually contains little more information than a name and the last four digits of the card number, the merchant copy often shows all the digits.
Keeping track of all the methods by which people may try to access personal or financial details can seem overwhelming, but the likelihood of their occurrence can be massively reduced by implementing sensible company policy. Ask for uniforms to be returned when staff members leave: some data disposal companies, such as Datashred, will discard them securely for you.
Get creative with indelible marker and magnets on lanyards or have them shredded. Keep track of your devices at all times, make sure to overwrite or destroy any disks containing sensitive data, and use a program like CCleaner to overwrite and purge confidential files from your computer. Assign members of HR staff to store and be responsible for sensitive business information such as company card details, and above all, make sure all your colleagues are fully trained in data protection and storage.