10 Surprising Data Security Risks in Your Office

Here are 10 surprising security risks in the workplace – and what to do about them.

Bad passwords: Last year ‘123456’ and ‘password’ were at the top of SplashData’s annual Worst Passwords list. In the 2016 Data Breach Investigations Report, 63% of confirmed data breaches involved weak, default or stolen passwords. Solutions: Enforce a strong password policy (passwords should not be easy to guess... use upper- and lowercase letters, numbers and symbols) and change passwords every 60 to 90 days.

Devices that aren’t automatically patched: Safeguarding software on devices including routers, servers and personal computers needs to be regularly updated and patched - but it is not always automatic. Solutions: Implement a patch management program. Any equipment that hasn’t been patched within a certain amount of time should be taken offline.

Uninformed Employees: Cyber criminals create fake email addresses and pose as company executives who need an urgent transfer of funds or other information. Research has shown that 30% of these kinds of phishing scam emails get opened. Solutions: Train employees about spear phishing scams, and have a process to check all requests for sensitive data.

Unlocked mobile devices: Data Labs data showed that 1 in 3 Android smartphones are not secured with a lockscreen passcode, the most basic level of protection. Solutions: Have a mobile phone policy that includes IT safeguards, employee training, and continuous monitoring and evaluation.

Clutter: A company’s commitment to data security has to start with formal (and visible) security policies and procedures. A cluttered workplace can lead to information breaches caused by human error. Solutions: Implement a corporate culture of security with workforce support including on-going training and embedded security-driven processes (e.g. Clean Desk Policy).

Sloppy printing habits: How many times have you found documents left behind in the printer? Earlier research by Quocirca showed that 63% of businesses had one or more print-related data breaches. Solutions: Control access to printers, and use a ‘pull printing’ process so print jobs are held until there is user authentication. Never leave paper in printer trays.

Blue bins still being used for paper: Paper is an information security risk when it is recycled or trashed indiscriminately. The 2017 Shred-it Information Security Tracker survey showed that 39% of SBOs have no policy in place for storing and disposing of confidential documents. Solutions: Partner with a reliable document destruction company that provides a secure chain of custody, including locked consoles for paper. A Shred-it all Policy should stipulate that all documents are securely destroyed when no longer needed.

Old computers: While old hard drives and electronic devices may have been degaussed or had data deleted, information thieves have recovery software. Solutions: Implement protocols governing the secure storage and destruction of hard drives. Destroy all old and unused hard drives using a third-party provider with a secure chain of custody.

Your heart rate monitor: More and more automated Internet of Things (IoT) devices (medical and other devices) have built-in interconnectivity – but little or no security. Solutions: Create a policy about what devices are acceptable in the workplace and how to protect them.

Unvetted service providers: Third-parties typically handle confidential information from your company whether connecting to your network remotely or having printed documents... but what about their security? Solutions: Vet third parties and make sure they follow security best practices. Ask to be alerted right away if they experience a attack.