Workplace Habits that Put Organizations at Risk – and Best Practices for Keeping Data Safe

Over time, employees can develop habits that inadvertently jeopardize an organization's data security. While not intentional, these habits can pose significant risks. It's crucial to identify them and promote best practices to help ensure that all employees make data security a priority – and know how to do so in their everyday work. By emphasizing data security and implementing a comprehensive anti-fraud program, organizations can minimize the risk of breaches and maintain trustworthiness in their operations.

Training employees to avoid potentially dangerous practices that could create security gaps can make a big difference. Here are nine common, but worrisome, work habits that pose great risks to organizations followed by the corresponding best practices employees should adopt: 

1. Leaving the office without clearing your desk.  If leaving a work area, do not leave confidential information visible on a computer screen or sitting out on a desk. A clean desk policy requires employees to shred or file away and lock up all physical documents each time they leave a work environment and requires all devices, such as laptops and phones, to be password protected.
2. Working in public on a laptop without taking precautions. Employees should find a private or less populated area to review documents and digital files containing private data whenever possible. If no private area is available, workers should consider using a laptop privacy filter, which blocks computer screens from onlookers.
3. Tossing used documents into the blue box. Discarding documents in a recycling bin potentially exposes the contents to everyone in the office, including guests, custodial staff, and others that normally wouldn’t have access to sensitive information. Swap out traditional blue recycling bins for locked containers or totes strategically placed throughout the workplace. Employees may conveniently discard confidential documents, knowing they’ll undergo secure destruction and subsequent recycling.*
4. Printing documents haphazardly. Documents left unattended is a security concern. The solution? Enforce a printer key or code for employees to use in order to pick up printouts.
5. Stockpiling old devices. Keeping old computers around is a security risk because confidential information remains on the hard drives. Thieves often target data on legacy hard drives. Physical hard drive destruction is the only 100% secure way to permanently destroy data from hard drives. Your document destruction company should provide secure hard drive destruction. Remember to destroy electronic documents as well. Contact Shred-it^® for service availability.
6. Using an easy-to-remember password. The root cause of many data breaches is due to weak, guessable passwords. The best passwords are a combination of symbols, numbers, and uppercase and lowercase letters.
7. Leaving your mobile devices unattended. Asurion found that over the course of 2022, 4.1 million phones were lost or stolen. To help prevent a data breach when a device goes missing, enable the passcode on your device, back up data on devices constantly, and use 2-factor authentication for communications.
8. Turning a blind eye to suspicious behavior. According to the 2023 Shred-it^® Data Protection Report, of those surveyed, malicious insiders caused 38% of the data breaches they experienced in 2022. A high-profile culture of security with strong internal controls is critical. In the Association of Certified Fraud Examiners (ACFE)'s 2024 Report to the Nations, organizations with hotlines were nearly twice as likely to detect fraud via tip as organizations without hotlines, illustrating the crucial role they play in a comprehensive fraud detection program.
9. Removing documents from the office. Removing confidential data can be removing physical documents as well as downloading documents to a zip drive or sending them by email. Organizations should prohibit the use of removable storage devices, which eliminates the ability for data to be removed. If you want to allow these devices, require the encryption of the data. If lost or stolen, devices such as USB drives can be plugged into other devices. Encryption will make it tougher to access data.

Safeguarding organizational data requires a proactive and ongoing approach. By raising employees’ awareness of potential risks and implementing best practices, such as a clean desk policy, physical document destruction, and vigilant password management, organizations can significantly reduce the likelihood of data breaches.

Fostering a culture of data vigilance and providing continual training can empower employees to recognize and respond to suspicious behavior and understand their role and responsibility in protecting the organization. While ensuring data security amid ever-increasing threats may seem daunting, it’s essential for maintaining trust and integrity in today's competitive business landscape. Learn more about how Shred-it^® can help with tailored policies and security trainings that can help employees use positive work habits.

^{* Some local regulations may require the recycling of all paper with your local municipality.} 

^{**This article is for general information purposes only and should not be construed as legal advice on any specific facts or circumstances.}