July 09, 2015

Information Security Checklist: How Do Your Protocols Stack Up?

Information security evaluations in the workplace have never been more important.

Last year, the total number of security incidents detected by respondents in the Global State of Information Security Survey reached 42.8 million, a 48% increase compared to 2013 (and this doesn’t include attacks that organizations were unaware of or incidents that weren’t being reported for strategic and other reasons).

To evaluate security protocols in the workplace, below is a list of information security checks that highlight the key risk areas that have been identified by industry experts:

Risk Culture

“Organizations need to treat privacy as both a compliance and business risk issue, in order to reduce regulatory sanctions and business costs such as reputational damage and loss of customers due to privacy breaches,” said Steve Durbin of Information Security Forum in a cio.com story. Upper management should be involved in information security and set the tone for the entire company. Keep track of industry privacy laws and legislation, and conduct periodic security risk assessment audits.  

Employees

Research shows that employees are often the cause of security incidents. In the 2015 State of the Endpoint study by Ponemon, for example, 78% of respondents identified “negligent or careless employees who do not follow security policies” specifically as the biggest threat to endpoint security.

Experts say that on-going training should show employees how and why they need to follow security policies. At the same time, they recommend embedding information security processes into the workplace – for example, introduce a Clean Desk Policy and Shred-all Policy, and have physical safeguards such as ID badges and locked premises.

Endpoint Protection

'Malware attacks' followed by 'advanced persistent threats' and ‘rootkits’ were identified as the most frequent cyber threats by 80% of respondents in the Ponemon study.

For safeguarding, invest in detection technologies and keep software updated and patched. But also, teach employees in security awareness training how to support the various technologies. Emphasize, for example, that employees should never share passwords – a study by Sungard Availability Services showed that 51% do.

Business Partners

Third-parties are often given trusted access to networks and data. But the percentage of incidents attributed to current and former service providers, consultants and contractors is increasing – to 18% and 15%, respectively, in 2014, according to the Global survey.

Screen third party providers in the supply chain on their information security policies and procedures.

Mobile Devices

Mobile workforce employees using commercial cloud apps are one of the biggest security risks, according to the 2015 Endpoint Report survey. Three-quarters of respondents believe their mobile endpoints were targeted by malware over the past 12 months. A data security checklist today must include a comprehensive mobile device policy.

Document Management

The 5th annual 2015 Security Tracker from Shred-it showed that 63% of c-suite executives surveyed have a protocol for storing and disposing of confidential data (up from 51% in 2014) while 37% of small business owners don’t have any security protocols in place. The solution is to partner with a reliable document destruction company that provides a secure chain of custody, locked consoles for the workplace, and high quality on- or off-site shredding services for paper documents as well as hard drives and e-media.

Outsourcing document security eliminates risk. Use this information security evaluation checklist to choose a document destruction partner or learn more about how secure information destruction services can help you protect your confidential information.