7 Risky Work Habits That Can Compromise Confidential Data

Protecting confidential information is more challenging than ever for some businesses, with evolving workplace trends such as remote work, public workspaces, and open-concept office designs, each potentially increasing the risk of data exposure. These work environments could make it easier for sensitive information to fall into the wrong hands, whether through employee negligence or unforeseen vulnerabilities.

Now is a good time to reevaluate work habits to help ensure that you and your employees follow safe practices to keep your organization’s information secure. To help you get started, here are seven behaviors that may increase the probability of data breaches and practical steps to address them.

1. Leaving Confidential Documents Out

Employees may not realize the importance of keeping confidential documents in a protected space at all times. Leaving printed files out makes it easier for fraudsters to act. According to the Association of Certified Fraud Examiners (ACFE)’s 2024 Occupational Fraud report^[1], 32% of fraud incidents result from a lack of internal controls. To help your employees learn best practices, you should establish a clean desk policy, which requires employees to either shred (in accordance with company document retention policies) or securely contain all physical documents each time they leave a work environment.

2. Leaving Computers On and Unlocked

We all want to trust our coworkers, but unfortunately occupational fraud is a real and serious threat. According to the ACFE’s 2024 Occupational Fraud report, an estimated 5% of an organization’s revenue is lost to workplace fraud each year, and workplaces average a loss of $1.7 million per case. Ensure your clean desk policy also extends to all devices, such as laptops and phones. They should be password protected and locked when unattended to prevent unauthorized access.

3. Lack of Mobile Device Security

Forgetting your cell phone in a cab or public place, leaving a device visible in a locked vehicle, or not using reasonable security measures can increase the odds of a data breach. Portability makes devices vulnerable to loss or theft. If employes use their own devices, you should outline IT safeguards in a Bring Your Own Device (BYOD) policy. Ensure all employees know that in the event of a lost or stolen device, they should immediately notify their employer.

A SlashNext report found that 85% of employers require work-related apps to be installed on personal devices. However, employees may inadvertently download a malicious app or become the victim of a phishing scam. Employers should have a comprehensive strategy for managing how personal devices are used in the workplace to ensure the security and privacy of confidential data.

4. Sharing Mobile Devices

Sharing work devices with family or friends can pose a significant risk. There’s no guarantee that the unauthorized individuals won’t either purposely or accidentally access sensitive work-related information. Employees should be reminded to keep work devices private.

5. Working on Public Wi-Fi

Free public Wi-Fi is one of the many amenities of communal working spaces, but it can potentially expose users and their data to hackers, even when networks require a password. To help safeguard sensitive information, employees should always use an employer-provided virtual private network (VPN), which hides their IP address and encrypts their internet activity. Most VPNs are a relatively affordable and effective tool for data protection in coworking spaces or public networks.

6. Downloading Software

Downloading and using unapproved software to complete work is very risky. Putting unapproved software onto computers and phones could include malware. Employees should be instructed that software downloads must be requested, approved, and performed by IT.

7. Improper Disposal of Confidential Information

Throwing documents in trash or recycling bins can expose organizations to significant risks. To maintain secure collection and disposal of confidential information, businesses should use a professional shredding service. Shred-it^®, for example, provides locked consoles and NAID-certified processes, to help protect businesses against dumpster-diving intruders seeking sensitive information.

A Visible Culture of Security

Creating a culture of security includes ensuring staff comprehend security risks and mitigation strategies, implementing and enforcing safe operational procedures, and integrating knowledge and action in daily tasks. While organizations should implement the latest IT safeguards, ongoing employee training is critical for ingraining best practices and secure work habits, particularly for off-site work. There should be comprehensive security policies and procedures, such as a mobile device policy to help control the use of devices, a clean desk policy to keep desks clear and devices locked, and embedded procedures such as placing all documents in shredding bins once you no longer need them.

Start Protecting Your Business

Learn how Shred-it’s secure document and hard drive destruction services can help protect your organization’s confidential information.

^{1. 2024 Occupational Fraud Report, page 39
**This article is for general information purposes only and should not be construed as legal advice on any specific facts or circumstances.}