June 27, 2017
How secure is confidential information in your workplace?
It takes very little digging to find security risks in areas where you’d least expect them.
Bad passwords: Last year ‘123456’ and ‘password’ were at the top of SplashData’s annual Worst Passwords list. In the 2016 Data Breach Investigations Report, 63% of confirmed data breaches involved weak, default or stolen passwords. Solutions: Enforce a strong password policy (passwords should not be easy to guess; use upper- and lowercase letters, numbers and symbols) and change passwords every 60 to 90 days.
Devices that aren’t automatically patched: Software on devices including routers, servers and personal computers needs to be regularly updated and patched to stay protected, but updating is not always automatic. Solutions: Implement a patch management program. Any equipment that hasn’t been patched within a certain amount of time should be taken offline.
Uninformed employees: Cyber criminals create fake email addresses and pose as company executives who need an urgent transfer of funds or other information. Research has shown that 30% of these kinds of phishing scam emails get opened. Solutions: Train employees about spear phishing scams, and have a process to check all requests for sensitive data.
Unlocked mobile devices: Data Labs data showed that 1 in 3 Android smartphones are not secured with a lockscreen passcode, the most basic level of protection. Solutions: Have a mobile phone policy that includes IT safeguards, employee training, and continuous monitoring and evaluation.
Clutter: A company’s commitment to data security has to start with formal (and visible) security policies and procedures. A cluttered workplace can lead to information breaches caused by human error. Solutions: Implement a corporate culture of security with workforce support, including ongoing training and embedded security-driven processes (e.g. Clean Desk Policy).
Sloppy printing habits: How many times have you found documents left behind in the printer? Earlier research by Quocirca showed that 63% of businesses had one or more print-related data breaches. Solutions: Control access to printers, and use a ‘pull printing’ process so print jobs are held until there is user authentication. Never leave paper in printer trays.
Blue bins still being used for paper: Paper is an information security risk when it is recycled or trashed indiscriminately. The 2017 Shred-it Information Security Tracker survey showed that 39% of SBOs have no policy in place for storing and disposing of confidential documents. Solutions: Partner with a reliable document destruction company that provides a secure chain of custody, including locked consoles for paper. A Shred-it all Policy should stipulate that all documents are securely destroyed when no longer needed.
Old computers: While old hard drives and electronic devices may have been degaussed or had data deleted, information thieves have recovery software. Solutions: Implement protocols governing the secure storage and destruction of hard drives. Destroy all old and unused hard drives using a third-party provider with a secure chain of custody.
Your heart rate monitor: More and more automated Internet of Things (IoT) devices (medical and other devices) have built-in interconnectivity – but little or no security. Solutions: Create a policy about what devices are acceptable in the workplace and how to protect them.
Unvetted service providers: Third parties typically handle confidential information from your company, whether they connect to your network remotely or hold printed documents. But what about their security? Solutions: Vet third parties and make sure they follow security best practices. Ask to be alerted right away if they experience an attack.