March 15, 2016

Office Security: 8 Ways Confidential Information May Be Walking Out the Door

With March being Fraud Prevention Month in Canada, it a good to time to remind ourselves that and even in the workplace, anyone can become a victim of fraud. Are you aware of the biggest threat to confidential information in your workplace?

While cyber thieves on the other side of the world may come to mind, don’t forget about all the inside threats to office security.  

Employee error often leads to data breaches, disgruntled employees steal sensitive information, and professional thieves have different ways to get inside a workplace.  

Here are workplace vulnerabilities that information thieves take advantage of... and solutions that should be on your office security checklist.   

Shared Computers: Employees who do shift work often share computers; open concept offices may have shared computers too. The problem is employees leave confidential data in their personal folders, and internet browsers may save passwords and other confidential data.
Solutions: To secure corporate data, assign a separate account and security permission to each user. Utilize password protection software and strong passwords.  

Garbage Bins: Do employees toss confidential documents into unsecured garbage bins? Despite privacy laws, a survey by an office supplies company showed that almost half of organizations were not destroying data before they disposed of it.
Solutions: Partner with a document destruction company that provides locked consoles for documents that are no longer needed. Implement a Shred-it-all Policy so that all documents are securely destroyed. 

Office Printers and Photocopiers: Who hasn’t found forgotten documents in a printer? Also, many copier and printers’ hard drives store copies of every document that has been scanned or printed, and the drive can be manually removed and accessed.
Solutions: Post employee security reminders at printing stations. Use printing and scanning security codes, or print confidential documents in an access-controlled area. Disable memory in equipment if possible.     

Messy Office: Sensitive information (left out on surfaces or visible on computer screens) was visually hacked in 88% of attempts in the Visual Hacking Experiment. There is also a risk that discussions about confidential data are overheard.
Solutions: Discourage prying eyes and ears with sound-proofing in the workplace and a Clean Desk Policy. Control access to the workplace, and equip all computers with privacy filters.   

Mobile Devices: Ponemon research has shown that 37% of mobile devices in use by employees contain sensitive data. Also, employee carelessness often leads to the loss or theft of devices – and information.
Solutions: In security awareness training, teach employees about the risks of removing confidential information from the workplace. Program computers to automatically scan removable media for viruses. All computers should have up-to-date antivirus software.

Public Entry Points: When a large retailer was hacked several years ago, investigators surprisingly discovered the attack originated at an in-store self-service employment kiosk.
Solution: Never link public entry points to main servers; all traffic should be encrypted and secured.

Third-Parties: Information thieves increasingly work through third-parties.
Solutions: Partner with recognized companies that have a good reputation and security protocols.

Stockpiled Hard Drives: Research has shown that the confidential data on obsolete hard drives is still retrievable by information thieves – even if the drive has been ‘erased’ or ‘degaussed’.
Solutions: Hard drive destruction is the most effective way to permanently destroy all information.  

One of the best ways to reduce the risk of becoming a victim of fraud, identity theft or corporate espionage is to use your own office security checklist to implement standardized information security best practices.