June 27, 2017
How secure is confidential information in your workplace?
With very little digging, you may find security risks in areas where you’d least expect them.
1. Bad Passwords: Last year ‘123456’ and ‘password’ were at the top of SplashData’s annual Worst Passwords list. In the 2016 Data Breach Investigations Report, 63% of confirmed data breaches involved weak, default or stolen passwords. Solutions: Enforce a strong password policy (use upper- and lowercase letters, numbers and symbols) and change passwords every 60 to 90 days. Never share or display passwords.
2. ‘Protected’ devices: Safeguarding software on devices including routers, servers and personal computers needs to be regularly updated and patched - but it is not always automatic. Solutions: Implement a patch management programme. Any equipment that hasn’t been patched within a certain amount of time should be taken offline.
3. Uninformed employees: Cyber criminals are increasingly targeting individuals who they have researched on social media. The criminals create fake email addresses and pose as a company executive who needs an urgent transfer of funds or other information. Solutions: Train employees about spear phishing scams, and have a process to check all requests for sensitive data.
4. Unlocked mobile devices: Data Labs data showed that 1 in 3 Android smartphones are not secured with a lockscreen passcode, the most basic level of protection. Solutions: Have a mobile phone policy that includes IT safeguards, employee training, and continuous monitoring and evaluation.
5. Clutter: A company’s commitment to data security has to start with formal (and visible) security policies and procedures. A cluttered workplace can lead to information breaches caused by human error. Solutions: Implement a corporate culture of security with workforce support including on-going training and embedded security-driven processes (e.g. Clean Desk Policy).
6. Printers: Earlier research by Quocirca showed that 63% of businesses had one or more print-related data breaches. Solutions: Use a ‘pull printing’ process so print jobs are held until there is user authentication. Never leave paper in printer trays.
7. Blue bins still being used for paper: Paper is an information security risk when it is placed into unsecure recycling or waste bins, and many organisations don't track where their confidential information goes. The 2017 Shred-it Information Security Tracker survey showed that 55% of SMEs don't monitor employees removing confidential information from the office. Solutions: Partner with a reliable document destruction company that provides a secure chain of custody, including locked consoles for paper. Stipulate that all documents must be securely destroyed when no longer needed, and not removed from the office.
8. Old computers: While old hard drives and electronic devices may have been degaussed or had data deleted, information thieves have recovery software. Solutions: Implement protocols governing the secure storage and destruction of hard drives. Destroy all old and unused hard drives using a third-party provider with a secure chain of custody.
9. Internet of Things (IoT): More and more automated systems and devices (medical and other devices) have built-in interconnectivity – but little or no security. Solutions: Create a policy about what devices are acceptable in the workplace and how to protect them.
10. Unvetted service providers: Third parties typically handle confidential information from your company, whether connecting to your network remotely or having printed documents... but what about their security? Solutions: Vet third parties and make sure they follow security best practices. Ask to be alerted immediately if they experience a cyber attack or physical data breach.