Information security has a lot to do with office design – and new research by information security leader Shred-it explains how and why.
The setup of a traditional office provides built-in privacy - and security - with separated offices and lockable doors. But today, the open concept design is more popular and workstations are in an open space with employees working side by side. The International Facility Management Association reported that about 70% of U.S. offices now have low or no partitions between work spaces.
While sharing space this way is good for collaboration and relationship-building in an organization, there are data security downsides.
Here are 6 data security risks of an open concept office that were flagged in the 2018 Security Tracker.
- Loose note paper: Many employees leave confidential documents on their desks thinking that after hours, only other employees and cleaning staff are around. But insider fraud is prevalent, and the open concept increases the risk of document and device theft. Solution: Implement a Clean Desk Policy so that employees clear their desks at the end of every day, and secure all documents in locked filing cabinets and password-protected files.
- Work habits of millennial employees: Surprisingly, the research showed that while millennials tend to be tech savvy, they do not always take information security seriously enough. In the study, 48% of this group left notebooks on their desks at the end of the day compared to 37% of generation X and 21% of baby boomers. Solution: Don’t assume that millennials are following safe data protection practices. Provide proper and on-going training to this generation – and all employees.
- Unlocked computers: Millennials are also far more likely to leave their computers on and unlocked after work. The open concept makes stealing data this way even easier. Solution: Before leaving the office, all employees must ensure that their devices are locked and password protected.
- Employee error: Employees are not always aware of what data is ‘confidential’. The research showed that sales receipts, for example, can contain personal and/or corporate financial information but are often left lying on desks and not properly destroyed when no longer needed. Solution: Information security policies must clearly define sensitive data. Never leave this data on a desk, or toss it intact into the garbage or recycling bin. All documents containing confidential information should be securely shredded when no longer needed.
- Post-it notes: Employees are still writing important information like phone numbers and passwords on sticky notes and sticking them onto their desk or computer monitor – for anyone walking through the office to see and steal. Solution: Teach employees to avoid using sticky notes for confidential information. Partner with an information destruction company so that all confidential data that is no longer needed is securely destroyed.
- Stockpiled legacy equipment: There’s easy access to stockpiled equipment in an open concept workplace. But research has shown that confidential information could remain on a hard drive even if it has been erased, deleted or reformatted. Solution: Legacy equipment and hard drives must be securely destroyed.
Inform your open concept office of these potential data security risks and use the solutions provided to ensure a secure office setting.
Start Protecting Your Business
To learn more about how Shred-it can protect your documents and hard drives, please contact us to get a free quote and security risk assessment.