Over a third of SMBs never train employees in info-security

Employees can help fight against fraud by urging their bosses to provide adequate information security training.

That’s the message from the UK’s leading data destruction company Shred-it. To highlight International Fraud Awareness Week, the company is calling on workers in the UK to take responsibility for helping prevent fraud, which costs businesses £193 million a year, but also has serious personal consequences for individuals.

International Fraud Awareness Week (13th– 19th November 2016), is organised every year by the Association of Certified Fraud Examiners, the world’s largest anti-fraud organisation. It stands up against fraud to minimise its global impact and promotes anti-fraud awareness and education all around the world.

Regular information security training is a crucial aspect of protecting organisations and their employees against fraud caused by a data breach. Despite this, over a third of small business owners (34%) admit to never training their employees on information security while 58% of C-Suite executives confess to training their staff only once a year or less, according to Shred-it’s 2016 Security Tracker survey.

While a lack of training puts businesses at significant reputational, legal and financial risk, employees also suffer from data breaches and associated fraud. Fraud can lead to a reduction in bonuses if the organisation’s profitability is impacted due to financial repercussions or fines, or even job losses. Employees may also find themselves under intense media scrutiny, or involved in the hugely time and resource consuming task of cleaning up the aftermath, both internally and externally. Because of this, Shred-it is encouraging workers to ask their bosses to equip them with the knowledge and tools necessary to protect the workplace.

“Information security training still sits low on the list of business priorities for most companies and business leaders.” says Robert Guice, Senior Vice President, EMEAA at Shred-it.

“However, it can make the difference between a protected workplace and one recovering from the damage of fraud caused by data breach. Employees have a vital role to play when it comes to the preventing fraud in the workplace. The right training can help workers fully understand their responsibilities and take meaningful actions towards preventing a data breach.”

He added, “During International Fraud Awareness Week, we urge all employees to take the initiative and call on their business leaders and colleagues to address any existing information security gaps and to commit to regular training.”

Risk Areas

As part of International Fraud Awareness Week, Shred-it has launched a Fraud Awareness Quiz which will enable businesses and employees to test themselves on their information security awareness and to identify risk areas within the business that are open to exploitation from fraudsters.

Shred-it has also developed tips for workers to share with their colleagues to help in the fight against fraud:

  • Encourage your colleagues to adopt a Clean Desk Policy. That means locking away all information when you’re away from your desk to hide it from prying eyes!
  • Educate your co-workers on the most vulnerable areas in the workplace. The printer area for example is a hotbed for sensitive information. Make sure your colleagues get into the habit of collecting their printing immediately!
  • Having a wastepaper or recycling bin at your desk is handy but you could accidentally throw away confidential business or personal information. Suggest that your workplace gets a locked and secure bin for all unwanted paper documents.
  • Flexible and mobile working is great, but remind your team that all information needs to be treated with the same care even from home. Leave non-essential documents in the workplace when you’re working remotely!
  • Does one of your colleagues have responsibility for shredding documents using an office shredder? It’s not as secure as they may think. These machines often strip-shred documents meaning they can be easily reconstructed. And documents are often left unsecured whilst waiting for someone to have the time or motivation to shred them.  A secure cross-shredding service is more secure.
  • Think your co-workers are as pressed for time as you are? Why not take away the hassle and security risk of having to decide what is confidential and what is not by suggesting your business implements a Shred-it All Policy so that all information is securely destroyed.