March 22, 2018

Hacking: It's Not as Digital as You Might Think

Employees Sitting Around Desk Working on Laptop Computer
There’s a lot of emphasis these days on the need for online safeguards to protect confidential and personal information in the workplace.

While using up-to-date endpoint, network, and email protection is an effective and important way to filter out spam, malware, and other dangerous viruses, IT safeguards can’t stop every information thief. There are many different ways and avenues being used to gain access to confidential data.

Physical Safeguards to Protect Confidential Information in the Workplace

Secure Your Building Entrance

Insider fraudsters and other information thieves get into the workplace through the front door. Physical safeguards are important including locks on doors, alarm systems, and security cameras. Also, control access to the workplace (have a sign-in process for all visitors), and store confidential information securely – in locked file cabinets and storage rooms, and password-protected files. Teach insider fraud awareness, and provide and publicize an anonymous tips line.

Evaluate Third-Party Access to Confidential Information

Many third parties require confidential information to provide services. But in a recent survey, Soha Systems linked 63% of data breaches directly or indirectly to third-party access. Evaluate security and privacy practices of third parties, and have clear, established contractual obligations to notify business partners about data breaches. 

Provide Data Protection Training to Staff

Research has shown that employees are often the weakest link in the security chain. The 2017 IT Risks Report from Netwrix found that 100% of government workers who were surveyed saw their own employees as the most likely culprits during a security breach. It wasn’t always malicious activity — 41% said such incidents were likely the result of human error. Provide ongoing employee training to keep everyone up-to-date on the threat landscape and data security best practices.  

Develop a Corporate Mobile Device Policy

Confidential information is often saved on a mobile device, which is then removed from the workplace. Create a Mobile Device Policy that helps control the use of removable storage devices. For example, implement full disk protection and encrypt sensitive data stored on removable media for sharing with business partners. Also, never leave devices out in the open in a hotel room, unattended in public, or visible in a locked vehicle. 

Implement a Clean Desk Policy

The digital workplace doesn’t exist yet... and there has to be awareness and strategies in place that protect confidential data on paper. Implement a Clean Desk Policy so desks are kept clear of loose paper. Remind employees not to leave paper behind in meeting rooms, on copy machines, etc. Clean out files regularly, and keep only the information that is needed for compliance and business purposes. Partner with a professional document destruction company that provides secure shredding services including locked consoles for storing paper. Implement a Shred-it All Policy too.  

Properly Dispose of Old Hard Drives

Did you know that confidential information remains on a hard drive even if the data has been erased, deleted or reformatted? In one study of second-hand hard drives purchased online, software was able to recover data despite the fact users had deleted it. Rather than stockpiling or disposing of old computers, hard drives must be securely destroyed. Your professional document destruction company should provide hard drive and e-media destruction services as well.   

Start Protecting Your Business

To learn more about how Shred-it can protect your documents and hard drives, please contact us to get a free quote and security risk assessment.