Protecting Your Business Against Document Fraud and Theft Should be a Priority

Roy Fenoff, Ph.D., D-BFDE

Thursday, November 2nd, 2017

As a business owner, or manager, document security should be one of your top priorities. In 2016, the Association of Certified Fraud Examiners released its latest Report to the Nations on Occupational Fraud and Abuse and reported that a typical organization loses five percent of its annual revenue to fraud. The 2017 Identity Fraud Study released by Javelin Strategy & Research reported that identity fraud hit an all-time high in 2016 with 15.4 million U.S. victims. Furthermore, the Identity Theft Resource Center revealed that U.S. companies and government agencies experienced 1,093 data breaches in 2016 which was a 40 percent increase from 2015.
Without a doubt, the majority of fraud being perpetrated against businesses is accomplished through document fraud and theft. Therefore, protecting your business requires you to secure your customers' personal and financial information, employee records, and your company's intellectual property and proprietary information. The following are five steps you can take to protect your business by making your documents and data more secure:
1. Conduct a Document Audit
In order to secure your documents you must first identify them. A document audit will help you determine:
- The different types of documents used, and information collected, by your business.

- How documents and information are stored (e.g., electronically vs. a file cabinet).

- Who has access to which documents and information.

- How information flows into and through your business.

- The varying degrees of risk attached to each type of document (e.g., social security numbers and financial information are more valuable for fraud).
2. Identify and Understand your Vulnerabilities
A document audit will help you identify potential risks. However, it is also important to have a complete understanding of your internal and external vulnerabilities. For example, thinking about how someone might gain access to documents stored electronically will help you identify points of weakness. Therefore, periodic vulnerability assessments can assist you in identifying and removing current vulnerabilities.
3. Make Sure Your Documents and Data are Properly Secured
Keeping sensitive information secure from theft can be challenging. However, there are some things you can do to reduce your vulnerabilities.
- Create a document classification system that will ensure that documents and sensitive information is handled according to the risk it poses to your business.

- Store electronic and physical documents in a fireproof and locked location.

- Use encryption with electronically stored and shared documents.

- Add security layers to documents stored in the cloud.

- Update software for security, and run anti-virus and anti-spyware on a regular basis.

- Protect your digital and physical documents from internal threats by limiting access to employees who have a "need to know."

- Conduct Background checks on all employees, contractors, and service providers.
4. Implement a Document and Information Disposal Policy and Follow it
Properly disposing of documents and information you no longer need will free up storage space, and it will help reduce the risk of sensitive information falling into the wrong hands. Your disposal policy should include:
- A retention schedule. Some businesses are required by law to retain certain documents and information for a specific amount of time. Therefore, you should review the legal requirements of your state and determine which documents must be retained and for how long.

- A method that can be used to identify and label the destruction date of all documents in storage.

- A shred-all procedure for the disposal process. If completed in-house, then micro-cut shredders will provide the highest level of security and should be used to destroy paper documents and CDs. If you a large organization, then you may want to consider hiring a reliable third-party vendor that will shred and destroy old documents, CDs, and hard drives for you.
5. Establish a Document Fraud Prevention Program
The best way to reduce the document fraud opportunities that exist at your business is by creating a document fraud prevention program. Indeed, a strong fraud prevention program will help your company's decision makers understand the document risks and vulnerabilities that are present across the enterprise. This will allow them to identify very specific detection and deterrent actions so they can choose a particular type of countermeasure that is effective at reducing the fraud opportunity. Always keep in mind that your company's goal is not to catch document fraud or theft, but to prevent it.
No matter the size of your company, you are susceptible to data breaches, document fraud, and theft. Therefore, failure to protect your company from these threats can result in lost revenue, a lawsuit, or more importantly, you could lose your customers' trust.
If you would like to learn more about document fraud, or have questions about how to establish a document fraud prevention program, then contact Dr. Fenoff at
Roy Fenoff, Ph.D., D-BFDE, is an assistant professor in the Department of Criminal Justice at The Citadel, and is a member of Michigan State University's Food Fraud Initiative research team. Dr. Fenoff is also a questioned handwriting and document examiner certified by the Board of Forensic Document Examiners and is an expert in forgery detection. He provides consulting services and conducts forensic examinations for individuals, businesses, law enforcement agencies, and law firms throughout the United States and overseas.