Information Security: 5 Risky Work Habits That Need to Stop Now
Incorporating information security practices into your daily work routine is so important.
But about a third of data breaches that occur in the UK today can be traced back to human error and negligent employees, according to the 2017 Ponemon Cost of a Data Breach Report.
Employees often have work habits they think are fine but which actually increase the risk of a data breach.
Here are 5 risky work habits that put infosec at risk... and what to do instead.
- ‘Wiping’ data from a hard drive with a magnet. Despite what you see on TV, a magnet will not completely remove information from a hard drive. Even if the data is corrupted by the magnet, it may still be accessible. The right way: When digital data is no longer needed or the device is outdated, physical hard drive destruction will guarantee that confidential information is completely destroyed and protected. Partner with a trustworthy document destruction company that provides industrial-grade hard drive and e-media destruction services.
- Tearing up confidential paper documents and disposing of them in recycling bins. This is risky on both counts. The fact the paper is torn actually highlights it may contain something of interest and information thieves can easily piece documents back together again. Also, while recycling is good for the environment, the traditional recycling process is not designed to protect confidential information. The right way: Your document destruction partner will provide locked consoles for the workplace and a secure chain of custody for document shredding. Implement a Shred-it all Policy too so that all documents have to be shredded when they are no longer needed. Be sure your document destruction partner sends all shredded paper to a recycling partner.
- Being too trusting online, and readily sharing personal information. We all tend to work so quickly these days... and opening links and attachments from ‘recognisable’ sources or individuals without thinking can be risky. Information thieves often impersonate people or institutions in phishing scams to get confidential account numbers, credentials, etc. While emails look real, they usually have spelling and grammar mistakes as well as a tone of urgency around needing information. The right way: Always take a cautious approach to any online request for confidential information of any kind. Check legitimacy by going to a browser and typing in the website address directly. All companies should have an internal two-person authorisation process for online payments.
- Using your password-protected mobile phone for work. Password protection is not enough. Other technology safeguards and work habits are needed to reduce the risk of a data breach. The right way: Every company should have a Bring Your own Device (BYOD) security policy. All devices should be equipped with the latest IT safeguards, and data should be encrypted so it is unreadable if the device is lost or stolen.
- Leaving documents out on your desk. Fraudsters inside your organisation (whether colleagues, visitors or third parties) are always looking for opportunities to steal confidential personal or corporate information. The right way: Be mindful of the information on your desk (or visible on your monitor). Implement a Clean Desk Policy so that all documents are protected in locked cabinets or drawers when employees are away from their desks.
Start Protecting Your Business
To learn more about how Shred-it can protect your documents and hard drives, please contact us to get a free quote and data security survey.