November 22, 2016

Workplace Security Plan: Don’t Let Confidential Information Get Gobbled Up



Ready for Thanksgiving?

The annual feast is held on the fourth Thursday of every November, and it marks the beginning of the holiday season in the United States. What happens in the workplace though is that some employees are going to become distracted by all the festive activities – and that can increase the risk of employee error and data breaches.  

As a result, now is also a good time to step up the office security plan, and remind employees about information security best practices.

A small business can do this by posting reminders throughout the office, incorporating messaging in the signature in emails, and putting a spotlight on security in employee newsletters and during on-going training.

The following best practices help employees better protect confidential information in the workplace:

  1. Have all employees sign an employment contract with a confidentiality clause. This will emphasize the seriousness of protecting information.  
  2. Use ‘confidential’ labels on electronic and hard copy documents. The labels will help remind everyone that the contents are confidential.  
  3. Lock up confidential information. All employees should have access to lockable drawers, cabinets, and offices so they can keep confidential information under lock and key.
  4. Don’t leave confidential information behind on printer trays. Remind employees to pick up all documents when using the printer.
  5. Remove confidential documents from the board room. After a meeting, all documents should be gathered up and securely destroyed if no longer needed.
  6. Never leave confidential documents in clear view.  If leaving a work area, do not leave confidential information visible on a computer screen or sitting out on the desk. A Clean Desk Policy will help educate employees about this best practice.
  7. Keep smart phones and other mobile devices locked. Set mobile devices to automatically lock – just in case a device is lost or stolen and ends up in the hands of an information thief.
  8. Encrypt data on removable storage devices. If lost or stolen, devices such as USB drives and SIM cards can be plugged into other devices. Encryption will make it tougher for criminals to access data.   
  9. Turn off computers.When finished using computers for the day, power them down. Leaving computing devices on and connected to the Internet increases the risk of a cyber attack.
  10. Securely shred documents that are no longer needed. Partner with a reliable document shredding company that provides locked consoles for discarded documents throughout the office. 
  11. Implement a Shred-it all Policy: This simplifies document disposal, and employees will not have to determine which documents are confidential.  
  12. Destroy electronic documents too. Confidential information stored on legacy hard drives is often the target of data thieves. Research has shown that even if data has been ‘wiped’ or ‘degaussed’, it can be retrieved from computing devices using special software. Physical hard drive destruction is the only 100% secure way to permanently destroy data from hard drives.