Are you aware of the biggest threat to confidential information in your workplace?
While cyber thieves on the other side of the world may come to mind, don’t forget about all the inside threats to office security.
Employee error often leads to data breaches, disgruntled employees steal sensitive information, and professional thieves have different ways to get inside a workplace.
Vulnerabilities and Solutions for your Office security checklist
Here are workplace vulnerabilities that information thieves take advantage of... and solutions that should be on your office security checklist.
- Shared Computers: Employees who do shift work often share computers; open concept offices may have shared computers too. The problem is employees leave confidential data in their personal folders, and internet browsers may save passwords and other confidential data.
Solutions: To secure corporate data, assign a separate account and security permission to each user. Utilise password protection software and strong passwords.
- Rubbish Bins: Do employees toss confidential documents into unsecured garbage bins? Despite privacy laws, a survey by an office supplies company showed that almost half of organisations were not destroying data before they disposed of it.
Solutions: Partner with a document destruction company that provides locked consoles for documents that are no longer needed. Implement a Shred-it-all Policy so that all documents are securely destroyed.
- Office Printers and Photocopiers: Who hasn’t found forgotten documents in a printer? Also, many copier and printers’ hard drives store copies of every document that has been scanned or printed, and the drive can be manually removed and accessed.
Solutions: Post employee security reminders at printing stations. Use printing and scanning security codes, or print confidential documents in an access-controlled area. Disable memory in equipment if possible.
- Messy Office: Sensitive information (left out on surfaces or visible on computer screens) was visually hacked in 88% of attempts in the Visual Hacking Experiment. There is also a risk that discussions about confidential data are overheard.
Solutions: Discourage prying eyes and ears with sound-proofing in the workplace and a Clean Desk Policy. Control access to the workplace, and equip all computers with privacy filters.
- Mobile Devices: Ponemon research has shown that 37% of mobile devices in use by employees contain sensitive data. Also, employee carelessness often leads to the loss or theft of devices – and information.
Solutions: In security awareness training, teach employees about the risks of removing confidential information from the workplace. Program computers to automatically scan removable media for viruses. All computers should have up-to-date antivirus software.
- Public Entry Points: When a large retailer was hacked several years ago, investigators surprisingly discovered the attack originated at an in-store self-service employment kiosk.
Solution: Never link public entry points to main servers; all traffic should be encrypted and secured.
- Third-Parties: Information thieves increasingly work through third-parties.
Solutions: Partner with recognised companies that have a good reputation and security protocols.
- Stockpiled Hard Drives: Research has shown that the confidential data on obsolete hard drives is still retrievable by information thieves – even if the drive has been ‘erased’ or ‘degaussed’.
Solutions: Hard drive destruction is the most effective way to permanently destroy all information.