Office Security: Focus on Employees, Not Just Digital Safeguards
Did you know that hitting ‘print’ or jotting down confidential information is one of the most common office security mistakes that employees make? Confidential data on an office print tray or a sticky note can be easily seen – and stolen – by an office visitor or inside fraudster.
Unfortunately, this scenario happens more often than you think.
- A 2015 SANS Institute survey showed that negligent employees accounted for the majority of concerns that companies had about insider threats – more than malicious employees, and all contractors, clients, partners and other affiliates combined.
- In a CompTIA survey, human error accounted for 52% of root causes of security breaches while technology errors accounted for 48%.
- In earlier Intralinks and Ponemon research, 61% of respondents didn’t follow policy on document deletion; they often didn’t delete confidential documents, used personal storage and file sharing apps for company information, and accidentally forwarded documents to the wrong individuals.
While the role of technology in safeguarding confidential information seems to get all the headlines, it’s important to remember that employees are an important line of defense too.
Here’s how an organization can help its employees become better at protecting confidential data.
Culture of security. Create a strategy that encourages everyone to commit to a culture that prioritizes and values information security. Have a comprehensive office security policy, designate a Security Ambassador, and embed security into the workplace with policies such as a Clean Desk Policy, which directs everyone to clear their desks and lock documents away when they are away from their work area.
Ongoing education. Teach employees about information security best practices in and out of the workplace. Training should be informative and practical. For example, alert employees to cyber security scams such as phishing – and teach them not to open suspicious emails or attachments. In the SANS survey, 51% of respondents said lack of training was limiting their ability to deal with insider threats.
Printing station etiquette. According to Ponemon, more than 50% of companies ignore printers in end-point security – even though nearly 90% of enterprises have had at least one data breach through unsecured printing. The 2016 State of the Industry Report from Shred-it recommends implementing a best practices standard for printing confidential information. Don’t leave documents unattended at a shared printing station; also, use passwords for printing jobs.
Secure disposal process. Partner with a recognized document shredding company that has a secure chain of custody and provides locked consoles for documents that are no longer needed. Also, simplify document handling, reduce employee error, and enforce security policy with a Shred-it all Policy so that all documents are securely shredded and destroyed when no longer needed.
Reminders. Provide regular security awareness reminders through employee communications such as e-newsletters and at special events. Also, use Reminder Posters. Shred-it resources include a ‘Do you have all your printed material?’ poster for the printer station, and a ‘STOP! That should be shredded’ poster.
Reduce the risk of office fraud by knowing where it is most likely to strike.