With kids going back to school and the workplace getting back to normal, it’s a good time for everyone to think about an information security checklist.
What’s interesting is that there are commonly overlooked information security practices that can help businesses reduce the risk of a security breach.
Here is a guide.
- Passwords: Weak passwords are a huge security risk. According to an inc.com blog, 80% of cyberattacks involve weak passwords, and 55% of people use one password for all logins. Security plan: For each account, use a unique password made up of letters, symbols and numbers that do not spell out real words.
- Messy Workplace: The 2015 Ponemon Visual Hacking Experiment study showed that hackers easily obtained sensitive data just by wandering through an office. 53% of information deemed sensitive was gleaned from unprotected computer screens; 29% from vacant desks. Security plan: Provide security awareness training, and implement a clean desk policy for organizing documents along with a document shredding process; companies in the study that did these things showed relatively low visual hacking rates.
- Apps: Attackers are using harmful apps to target mobile devices, which are increasingly being used for business and personal purposes. The 2015 State of Mobile Application Insecurity report concluded that malware-infected mobile apps will increase. Security plan: Provide employees with policies and guidance on the use of apps.
- Mobile Devices: Lost and stolen mobile devices were the leading cause of healthcare security breaches, according to a 2014 survey by Bitglass. Security plan: Create a BYOD (bring your own device) or CYOD (choose your own device) policy that emphasizes best practices and includes encryption, anti-virus, firewalls, strong passwords and other safeguards.
- Social Media: Social media has transformed the way businesses interact with customers, but it has increased security risks too. One recent study showed that almost a quarter of small businesses had been compromised in some form by employee use of social media, according to a socialmediatoday.com article. Security plan: Create a clear social media policy so employees rethink what they reveal and share on social media.
- Email Slip-ups: Phishing scams succeeded in stealing $1 billion from small businesses in 2012, according to the inc.com article. Most phishing involves collecting sensitive information via email. Security plan: Provide ongoing training that teaches employees not to click on links, download files or open attachments in emails from unknown senders. Keep existing software, operating systems and browsers updated with the latest patches.
- Document Disposal: Paper documents left in open recycling bins, garbage cans and dumpsters are a security risk and a breach of privacy laws. The 2015 Shred-it Information Security Tracker showed that 37% of small business owners don’t have a protocol for storing or disposing of confidential data. Security plan: A comprehensive document management plan includes partnering with an information security company that provides locked consoles for document storage and secure on-site or off-site shredding.
Use this do-it-yourself security risk assessment to identify other areas of vulnerability and potential risks in your organization. Prevent vulnerabilities and protect confidential information with secure paper shredding services.