June 27, 2017

10 Surprising Data Security Risks in Your Office

How secure is confidential information in your workplace?

With very little digging, there may actually be security risks in areas where you’d least expect it.  

Here are 10 surprising security risks in the workplace – and what to do about them.  

Bad passwords: Last year ‘123456’ and ‘password’ were at the top of SplashData’s annual Worst Passwords list. In the 2016 Data Breach Investigations Report, 63% of confirmed data breaches involved weak, default or stolen passwords. Solutions: Enforce a strong password policy (passwords should not be easy to guess... use upper- and lowercase letters, numbers and symbols) and change passwords every 60 to 90 days.

Devices that aren’t automatically patched: Safeguarding software on devices including routers, servers and personal computers needs to be regularly updated and patched - but it is not always automatic. Solutions: Implement a patch management program. Any equipment that hasn’t been patched within a certain amount of time should be taken offline.

Uninformed Employees: Cyber criminals create fake email addresses and pose as company executives who need an urgent transfer of funds or other information. Research has shown that 30% of these kinds of phishing scam emails get opened. Solutions: Train employees about spear phishing scams, and have a process to check all requests for sensitive data.

Unlocked mobile devices: Data Labs data showed that 1 in 3 Android smartphones are not secured with a lockscreen passcode, the most basic level of protection. Solutions: Have a mobile phone policy that includes IT safeguards, employee training, and continuous monitoring and evaluation.

Clutter: A company’s commitment to data security has to start with formal (and visible) security policies and procedures. A cluttered workplace can lead to information breaches caused by human error. Solutions: Implement a corporate culture of security with workforce support including on-going training and embedded security-driven processes (e.g. Clean Desk Policy). 

Sloppy printing habits: How many times have you found documents left behind in the printer? Earlier research by Quocirca showed that 63% of businesses had one or more print-related data breaches. Solutions: Control access to printers, and use a ‘pull printing’ process so print jobs are held until there is user authentication. Never leave paper in printer trays.  

Blue bins still being used for paper: Paper is an information security risk when it is recycled or trashed indiscriminately. The 2017 Shred-it Information Security Tracker survey showed that 39% of SBOs have no policy in place for storing and disposing of confidential documents. Solutions: Partner with a reliable document destruction company that provides a secure chain of custody, including locked consoles for paper. A Shred-it all Policy should stipulate that all documents are securely destroyed when no longer needed.  

Old computers: While old hard drives and electronic devices may have been degaussed or had data deleted, information thieves have recovery software. Solutions: Implement protocols governing the secure storage and destruction of hard drives. Destroy all old and unused hard drives using a third-party provider with a secure chain of custody.

Your heart rate monitor: More and more automated Internet of Things (IoT) devices (medical and other devices) have built-in interconnectivity – but little or no security. Solutions: Create a policy about what devices are acceptable in the workplace and how to protect them.

Unvetted service providers: Third-parties typically handle confidential information from your company whether connecting to your network remotely or having printed documents... but what about their security? Solutions: Vet third parties and make sure they follow security best practices. Ask to be alerted right away if they experience a attack.  

Start Protecting Your Business 

To learn more about how Shred-it can protect your documents and hard drives, please contact us to get a free quote and security risk assessment.