With news stories so often trained on all the drama created by mega data breaches and corporate whistle blowers, it’s easy to forget that there are many aspects of information security in the workplace that are uncomplicated, and they have everything to do with workplace processes and how employees do their jobs.
The key is having a comprehensive information security policy and making it part of everyone’s job.
Here are simple – and inexpensive – information security strategies.
- Employees attend regular training sessions to stay on top of data security best practices, including privacy laws in their industry. The workplace also provides regular security awareness reminders too, including e-newsletters, workplace signage, and special events.
- Employees acknowledge that they are aware of the information security program, and they sign confidentiality agreements.
- Access to confidential information is limited and controlled – employees understand they only have access to the information they need in order to do their jobs.
- Open recycling bins are not used. Instead, locked storage consoles are located in convenient locations in the workplace.
- The mobile workforce has its own information security policies. For example, employees remove only the confidential information that they absolutely need to do their job – and they return it to the office for safe and secure disposal.
- Employees protect electronic documents and the company network. In line with findings by The Human Factor in Data Protection survey, they change their passwords regularly, never open a link from someone they don’t know, and protect their monitors (from prying eyes) and their various electronic devices when working outside the office.
- Employees follow Clean Desk Policy guidelines. Desks are kept tidy, and confidential documents are never left out in the open for other employee or external staff such as cleaners to see.
- When need be, confidential information can be locked away. Every employee has at least one lockable drawer in their desk. Printers and file cabinets that may contain confidential information are located in private areas that can be locked.
- The company partners with a reliable shredding service. All employees have to do is place documents they don’t need any more into locked consoles. The company provides secure on or off site shredding and a certificate of destruction after every shred. E-media and hard drive destruction services are also provided. More than one-quarter of American businesses have no protocols for storing and disposing of data, according to Shred-it’s 2014 Information Security Tracker.
- The workplace has a shred-all policy. Employees never have to decide whether a document is ‘confidential’ or not but put all documents into consoles for destruction.
- Employees receive training on the behavioral patterns of potential insider fraudsters – and can report issues anonymously. The second annual Risk of Insider Fraud study by Ponemon showed that on average, organizations have had about 55 employee-related incidents of fraud in the past 12 months – or slightly more than one fraud event by a malicious insider per week.
- There’s a strong corporate culture in the company, and adhering to the information security plan is part of the performance review process.
Can your workplace improve data security? Review this information security checklist to find out.