The more security aware that employees are, the more they can work smarter, not harder, to protect confidential information and the organization.
Since research has shown that human error is still a leading cause of data breaches, it is helpful to connect security policies and processes to common errors.
Here are 6 data security tips that can help everyone to work smarter and improve security:
- Identify and ignore phishing scams. Teach employees to recognize phishing scams that try to lure them to download malicious files or link to exploit-laden sites – and to ignore them. The 2016 Verizon Data Breach Investigations Report showed that 30% of employees who receive phishing emails open them and 13% go on to open malicious attachments or links.
- Protect your laptop. Gartner has estimated that a laptop is lost every 53 seconds. Policies and procedures that govern the secure storage and destruction of mobile devices are essential in an organization’s information security policy. Never leave a laptop or mobile device in a vehicle. Never walk away from your laptop in a public place. Use disk and device encryption on all these devices too.
- Control access to confidential information. Information theft can occur when employees have unnecessary access to information or access isn’t stopped after an employee leaves the company or has been reassigned, according to BakerHostetler’s 2016 Data Security Incident Response Report. A good Document Management process oversees protection of confidential documents from creation to disposal. This would include access control policies in IT systems so employees have access to specific data on a need-to-know basis only.
- Be security-minded at all times. Close to half of the organizations in the 2016 Shred-it Security Tracker cited ‘lack of knowledge’ and ‘human error’ around information security protocols as the biggest threats to their company. Provide on-going security awareness training that consists of theoretical information and hands-on practice. Post security reminders in the workplace too.
- Use good password hygiene. The 2016 Verizon Data Breach Investigations Report showed that 63% of data breaches involved weak, stolen or default passwords. Provide password management software. Implement a Clean Desk Policy so user names and passwords are protected – and not displayed on sticky notes, for example. Never share passwords, and be sure to use different passwords on different accounts.
- Securely dispose of all confidential information. Shred-it's Security Tracker identified a lack of protocols for storing and disposing of confidential paper and electronic data. Schedule reliable document destruction with a company that has a secure chain of custody and provides locked consoles for documents that need to be destroyed. Introduce a Shred-it All Policy too so that all documents are securely destroyed when they are no longer needed. The mobile workforce should bring old equipment to the office for secure hard drive destruction.
Learn where the workplace is most vulnerable to fraud - so you can be more proactive and strategic with safeguards.