Securing the paper chase

Fraud caused by criminal access to personal and confidential files and information leakage is on the increase in the Middle East, according to KPMG’s 2004 GCC Fraud Survey. While regional companies plan to spend over US$66.7 million in 2004 on securing their IT infrastructure, hardly any money will be spent on securing paper-based information.

  • E-Mail
By  Maddy Reddy Published  November 30, 2004

|~|Stuart-Mansbridge11.jpg|~|Stuart Mansbridge, general manager of Shred-it Middle East.|~|Fraud caused by criminal access to personal and confidential files and information leakage is on the increase in the Middle East, according to KPMG’s 2004 GCC Fraud Survey. The advisory firm says one in three respondents had been victimised or witnessed a fraud over the past two years. The majority of the 297 GCC organisations polled during the survey believe that incidences of fraud will increase in the short term.

However, despite acknowledging that fraud is on the increase, regional companies are not looking at the seriousness of the issue objectively, says Robert Chandler, head of KPMG Forensic Middle East & South Asia. “This [the survey results] suggest reluctance by some to recognise any concern over internal controls or the integrity of their employees. This pattern is witnessed in almost all the GCC countries. It suggests that a false sense of security prevails in some GCC businesses on the subject of fraud — some managers appear to see fraud as something that happens to other businesses but not their own.”

KPMG says enterprises need to safeguard confidential information in order to minimise the risk of embarrassment, liability and loss of trade secrets. The US Communications fraud control association quantifies this in excess of US$12 billion annually.

While regional companies plan to spend over US$66.7 million in 2004 on securing their IT infrastructure, besides investing in CCTV cameras and security guards hardly any money will be spent on securing paper-based information. Most transactions are made without any personal contact based on names, account numbers and passwords, which can give rise to fraud if a criminal gains access to an individual or entity’s confidential files. For instance, with enough data, fraudsters can force an insurance firm to pay out loans against accumulated policy values.

“Secure disposal of expired documents that contain vital private and proprietary information can prevent frauds and identity thefts. Not only is wastepaper a rich source of information for competitors and fraudsters, but stolen papers can also jeopardise client relationships. Failure to completely destroy private and proprietary data could even [put a company at] risk from criminal and civil prosecution,” explains Stuart Mansbridge, general manager of Shred-it Middle East.

Employees continue to throw away hard copies in the rubbish under the presumption that since it’s been used, it can be trashed. But the true value of any data is determined when it’s in the hands of someone who shouldn’t have it. In order to cope with this indifference to information disposal in the region, the secure document destruction solution provider is ramping up its operations and working to educate businesses about the secure disposal of old documents.

However, with manual paper shredders costing as low as US$3 to high volume shredders worth a couple of thousand dollars, it is easy to question the need for a third party. “Our shredders are 30 to 40 times faster than a conventional office shredder. Companies can do it inhouse, but if they look at the lost productivity, effective disposal, storage of all that waste besides shredder maintenance, cleanliness and no recycling benefits — it’s at least 25% cheaper with no capital equipment costs,” says Mansbridge.

The company offers free locked security consoles in client offices where staff can drop important documents. Even security conscious companies that opt for proper passwords and dispose important documents using office shredders, often overlook CDs DVDs and floppy disks, which could contain digital copies of sensitive information. To overcome this, Shred-it’s services destroy all physical forms of information storage.

Shred-it’s disposal van comes to the client’s premises to destroy the documents beyond recognition into small strips using cross-shredding techniques. Clients are billed per minute. The destroyed documents, now in the form of confetti-sized pieces, are transferred to a local recycling facility.

To make sure that its own staff or the client’s employees do not mishandle the data the entire process is automated, Shred-it issues a certificate of destruction guaranteeing a 100% secure disposal.

The company’s staff are also trained to identify areas where information maybe accidentally destroyed. This helps in assessing what constitutes to sensitive information and which departments need to be careful about document disposal. Shred-it plans to expand its operations in the Middle East in the new year.

“Currently there are no clearly defined data protection or identity management laws in the region. However, with the development of business clusters such as Dubai International Financial Centre, Bahrain Financial Harbour, DIC and DMC and other major projects, even local companies will be under pressure to comply with international standards. We expect the business and awareness to increase,” says Mansbridge. ||**||

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code