January 17, 2017

Managing Security Risks: 5 Common Security Gaps in the Workplace



Are there any security gaps in your organization?

Security gaps are an information security risk and can lead to data loss, security breaches, and violations of privacy laws.

One of the best ways to find out is to have an Information Security Risk Assessment. It will identify data security risks and show where an organization can implement more safeguards.

Here are 5 of the most common information security gaps in the workplace today, and tips for managing security risks:

Mobile Devices: The growing mobile workforce is a target for cyber criminals. With the right equipment, they can access nearby mobile devices easily. Small, compact mobile devices are easy to steal. Also, apps are huge IT security risks – according to the Mobile Threat Report, hundreds of apps were found to have security issues in 2016. Solutions: Implement a well-supported mobility and security awareness program. Teach best practices such as how to recognize and respond to suspicious text messages, known as SMishing (don’t click on links). Control devices, and limit apps to an approved list.

Careless Employees: Studies suggest that up to 95% of information security breaches involve human error. Common errors include system misconfiguration, poor patch management, easy-to-guess passwords, lost devices, accidental disclosure of information by email, clicking on phishing links, and leaving computers unattended. Solutions: Use automated safeguards such as password management, identity and access management, and network access rules. Support secure work habits with awareness campaigns. Embed policies like a Shred-it all Policy, which directs employees to securely destroy all documents when they are no longer needed.

Insider Fraudsters: Three quarters of companies have had a fraud incident in the past year, according to the Kroll Global Fraud Report 2015-2016. Where fraud occurred and the perpetrator was identified, four in five (81%) were insiders. The 2016 Global Fraud Study reported that the most prominent organizational weakness contributing to fraud was lack of internal controls. It was cited in almost a third of cases. Solutions: Provide a reporting hotline because the most common detection method of fraud in the workplace is tips. Managing security risks also means putting policies in place to reduce the amount of confidential information left out in the open. Partner with a document destruction leader that has a secure chain of custody. Implement a Clean Desk Policy, which helps protect confidential information in digital and paper formats.

Internet of Things (IoT): The Internet of Things (IoT) is set to grow as both organizations and individuals adopt IoT devices. Unfortunately, the devices used to collect the data aren't always secure. Solutions: Reducing IT security risks should be an organization-wide commitment, along with IT security tools and monitoring, and training employees on safeguards.

Breach Response: Research including the 2016 SANS Incident Response Survey has shown that the quicker an organization can detect and remediate breach incidents, the less damage the breach does. Malware still holds the top spot as the underlying cause of reported breaches. Solutions: An internal incident response team helps reduce information security risk. Create a comprehensive incident response plan so everyone knows what to do when a breach occurs, and there are up-to-date controls in place.

A reliable document destruction partner will recycle paper documents after secure shredding – so there’s no security gap there.