A Messy Office Increases the Risk for a Data Breach
When it comes to risk of a data breach, an untidy workplace is actually a highly vulnerable workplace.
While cyber crimes are often highlighted in the media as the cause of data breach incidents, there can be information security problems if physical safeguards are not in place in the workplace too.
Here is a review of the types of different security issues a messy office can introduce, and solutions that will better protect sensitive information and reduce the risk of a data breach.
Accessible shredding console key
Leaving a key to the shredding console in plain view means anyone can access the confidential information that has been placed inside. The Identity Theft Resource Center reported that in 2013, insider theft increased 80% compared to the previous year.
Solution: Store the key in a safe place, and limit access to it. Better yet, partner with a document destruction company that provides locked consoles throughout the workplace as well as screened personnel who securely remove the contents for on or off site shredding services.
Paper documents sticking out of a locked shredding console slot
The data breach risk is high – the documents are retrievable by information thieves in the workplace.
Solution: When documents are no longer needed, they should be placed completely inside a locked shredding console so they are no longer retrievable.
Garbage receptacle placed next to the photocopier
Confidential information that ends up in the garbage bin is vulnerable to dumpster divers who look for personally identifiable information that can be used in identity theft and other data breach crimes.
Solution: Sensitive documents that are no longer needed must be deposited into locked shredding consoles, not garbage containers. Post staff reminders on bulletin boards and in other employee communication.
Cartons of documents labelled ‘shred’ sit next to the shredding console
Anyone can access these documents, since they are not securely stored.
Solution: Implement a document management program so all documents are tracked based on compliance requirements, from creation to the when they can be destroyed. Important papers should be locked in secure cabinets. Transfer to electronic form if possible.
The data breach risk is high. Any private information that ends up in a recycling bin and dumpster can easily be stolen.
Solution: While every workplace should have a comprehensive recycling program (for products that can be sent to municipal recycling depots), it is important to have a specific information security policy for paper. All paper must be securely shredded before it is recycled. Implementing a shred-all policy simplifies the destruction process and reduces the risk of employee error.
Unsecured stack of CDs and hard drives
Anyone can steal these – and access information even if they’ve been wiped.
Solution: All floppy discs, CDs, flash drives, and hard drives that contain sensitive information must be destroyed to guarantee information is protected. Speak to your shredding company about the recommended secure process for e-media disposal.
Anyone walking by can see what is on the screen.
Solution: Computer screens should be positioned so they cannot be easily read by third parties. This should be part of a Clean Desk Policy. If a computer is left unattended, it should be locked down with a password-protected screen saver.
At the end of the day every workplace should strive to create a culture of security with an information security policy, regular staff training about policies and procedures, and periodic information security audits.