March 22, 2018
There’s a lot of emphasis these days on the need for online safeguards to protect confidential and personal information in the workplace.
While using up-to-date endpoint, network, and email protection is an effective and important way to filter out spam, malware, and other dangerous viruses, IT safeguards can’t stop every information thief. Thieves use many different avenues to gain access to confidential data.
Insider fraudsters and other information thieves get into the workplace through the front door. Physical safeguards, including locks on doors, alarm systems, and security cameras, are important. Also, control access to the workplace (have a sign-in process for all visitors), and store confidential information securely – in locked file cabinets and storage rooms, and in password-protected files. Teach insider fraud awareness, and provide and publicize an anonymous tips line.
Many third parties require confidential information to provide services. But in a recent survey, Soha Systems linked 63% of data breaches directly or indirectly to third-party access. Evaluate security and privacy practices of third parties, and have clear, established contractual obligations to notify business partners about data breaches.
Research has shown that employees are often the weakest link in the security chain. The 2017 IT Risks Report from Netwrix found that 100% of government workers who were surveyed saw their own employees as the most likely culprits during a security breach. It wasn’t always malicious activity — 41% said such incidents were likely the result of human error. Provide ongoing employee training to keep everyone up-to-date on the threat landscape and data security best practices.
Confidential information is often saved on a mobile device, which is then removed from the workplace. Create a Mobile Device Policy that helps control the use of removable storage devices. For example, implement full disk protection and encrypt sensitive data stored on removable media for sharing with business partners. Also, never leave devices out in the open in a hotel room, unattended in public, or visible in a locked vehicle.
The digital workplace doesn’t exist yet, so awareness and strategies that protect confidential data on paper have to be in place. Implement a Clean Desk Policy so desks are kept clear of loose paper. Remind employees not to leave paper behind in meeting rooms, on copy machines, etc. Clean out files regularly, and keep only the information that is needed for compliance and business purposes. Partner with a professional document destruction company that provides secure shredding services, including locked consoles for storing paper. Implement a Shred-it All Policy too.
Did you know that confidential information remains on a hard drive even if the data has been erased or deleted, or the drive has been reformatted? In one study of second-hand hard drives purchased online, software was able to recover data even though users had deleted it. Rather than being stockpiled or disposed of, old computers and hard drives must be securely destroyed. Your professional document destruction company should provide hard drive and e-media destruction services as well.