August 16, 2016

Cheque Out This Year’s Top Office Security Risks in the Workplace

Does your organization have the right data security in place?

Every year, there are data security trend forecasts to help workplaces understand what they’re up against. 

Here are the top 8 office security incident trends in 2016:

1. Health information is a huge target. According to the Information Commissioner’s Office (ICO) in the UK, the health sector had the most data security incidents in the first quarter of 2016 – 184 incidents or 41% of all data security incidents. Local government was the second highest sector and sought-after health data played into the equation too: 21% of incidents affected social care data while 16% affected health or clinical data. 

2. Paper chase. The legal sector had a 32% increase in the number of incidents. The ICO explained that legal information is often in the form of paper files, which are carried around and easily lost or stolen.  

3. On-the-job mistakes. Employees are still to blame for many data breaches. For example, they post confidential data when they shouldn’t, or fax information to the wrong person. ICO reported that these kinds of employee mistakes topped the list of incidents by type – there were 128 incidents in total in the quarter.

4. Small business is vulnerable. Smaller workplaces have been slower than larger ones to adopt aggressive defenses. At the same time, hacking tools are better than ever at finding openings in older, legacy products, said a security expert in a post.

5. Still phishing. Phishing scams have proven to be an effective – and quick – way to steal a victim’s credentials. In 81.9% of incidents in the 2016 Verizon Data Breach Investigations Report, the initial compromise took just minutes indicating phishing opened the door for criminals. 

6. Wearable devices. The Internet of Things has introduced new wearable devices onto corporate networks. “Paired with compromised security or just poor privacy settings,” said an article, “they create the perfect storm for personal data breaches.”

7. Held for ransom. A popular attack, ransomware infects a hard drive or network to encrypt files unless a ransom is paid.

8. Cloud storage. As organizations increasingly store business information this way, the cloud will become a bigger target for information thieves.

For preventing security incidents, the ICO suggested four key areas where safeguards and security policies will make a difference:

Management and organizational measures: Have regular information risk assessments, appoint a Chief Information Security Officer (CISO), create a culture of security, and provide security policies for in and out of the workplace.  

Staff: Privacy laws require organizations to take reasonable steps to ensure the reliability of staff that has access to confidential data. On-going employee training is critical.

Computer security:  Utilize the latest IT safeguards including email filtering and secure authentication procedures. Provide a guest network. The ICO warns that measures should match the nature of data and the harm that could result from a security breach. 

Physical security: Safeguard the office with locks, alarms, etc. Control access to information, put safeguards in place for portable equipment, and arrange for the secure disposal of paper and digital waste.

Partnering with a leading document destruction company for information security and complete workplace privacy protection can go a long way in preventing security incidents.