With news stories so often trained on all the drama created by mega data breaches and corporate whistleblowers, it’s easy to forget that there are many aspects of information security in the workplace that are much less complicated. Often, business owners need to look closer at workplace processes and how employees do their jobs if they want to guard against a security breach.
The key is having a comprehensive information security policy and making it part of everyone’s job.
12 simple and inexpensive information security strategies:
- Employees attend regular training sessions to stay on top of data security best practices, including data protection laws. The workplace also provides regular security awareness reminders, including e-newsletters, workplace signage, and special events.
- Employees acknowledge that they are aware of the information security programme, and they sign confidentiality agreements.
- Access to confidential information is limited and controlled – employees understand they only have access to the information they need in order to do their jobs.
- Open recycling bins are not used. Instead, locked storage consoles are placed in convenient locations around the office so that waste paper containing confidential information is kept secure.
- The mobile workforce has its own information security policies. For example, employees remove only the confidential information that they absolutely need to do their job – and they return it to the office for safe and secure disposal.
- Employees protect electronic documents and the company network. In line with findings by The Human Factor in Data Protection survey, they change their passwords regularly, never open a link from someone they don’t know, and protect their monitors (from prying eyes) and their various electronic devices when working outside the office.
- Employees follow Clean Desk Policy guidelines. Desks are kept tidy, and confidential documents are never left out in the open for other employees or external staff such as cleaners to see.
- Where possible, confidential information should be locked away. Every employee has at least one lockable drawer in their desk. Printers and filing cabinets that may contain confidential information are located in private areas that can be locked.
- The company partners with a reliable shredding service. All employees have to do is place documents they don’t need any more into locked containers. The company provides secure shredding and a certificate of destruction after every shred. Electronic media and hard drive destruction services are also provided. Nearly a third of UK SMEs have never disposed of redundant electronic devices containing confidential information, according to Shred-it’s 2014 Information Security Tracker.
- The workplace has a shred-all policy. Employees never have to decide whether a document is ‘confidential’ or not as all documents are placed into secure containers for destruction.
- Employees receive training on the behavioural patterns of potential insider fraudsters – and can report issues anonymously. The second annual Risk of Insider Fraud study by Ponemon showed that on average, organisations have had about 55 employee-related incidents of fraud in the past 12 months – or slightly more than one fraud event by a malicious insider per week.
- There’s a strong corporate culture in the company, and adhering to the information security plan is part of the performance review process.
Can your workplace improve data security?