They are the things that people do in offices every day. Papers left on printers, computers unprotected, strangers allowed to roam unchallenged. The things that people think nothing about and yet they can be the cause of untold misery because they can lead to security breaches.
That is the message from Alan Stenhouse, who runs Scottish business AST Risk Consultancy & Training Services Ltd, amid growing evidence that unguarded moments by employees are the biggest cause of security breaches for businesses.
Alan, who has spent his career advising businesses of all sizes on security, said that employees need to be more vigilant when it comes to protecting sensitive information, adding that businesses must have a Clear Desk policy that is enforced.
He said: “Many businesses view security threats as coming from criminal gangs lurking in the shadows but the reality is that a thief will often look like everyone else.
“A lot of businesses are based in large, multi-occupancy corporate buildings and do not know everyone coming and going on a daily basis so there is a real need to be vigilant.
“We have all been in the situation where someone you do not know walks into an office but you do not feel confident enough to challenge them or you simply assume that a colleague has arranged for them to visit.
“Most of the time they will be there for legitimate purposes but why leave it to chance? Politely challenge why they are in the office and who they are there to meet. All visitors should be escorted when in business premises and be given a visitors badge which should be visible at all times.
“Also, you do not know who is in the building when your working day has finished so the last thing you want is sensitive information at risk should someone enter your office to undertake repair or cleaning activities.”
Alan has recommended some basic preventative measures that employers/employees can take:
- Challenge anyone not displaying a company security pass or visitors badge
- Do not leave computers logged in when you leave the machine; use a password protected screen saver – Remember, CTRL, ALT, DELETE before you leave your seat
- Do not leave your computer log-on and password on a post-it note stuck to your machine. These are unique to the user who will be held accountable for any actions made
- Do not leave sensitive documents lying on desks for anyone to see. When finished, retain in locked cabinets or use confidential waste bins/shredders to dispose of them securely
- Do not print sensitive documents to pick up later – collect them the moment they print. Even better, introduce password or card swipe control on your printers so that documents only print when you are at the machine
- Do not leave mobile devices such as phones, tablets and laptops lying unattended on desks, especially out of hours
- Do not leave keys to locked cabinets poorly concealed on your desk – anyone can find these within desk trays or hidden beneath paper clips
- Ensure there is a documented Clear Desk policy in the business supported by employee training and ad-hoc compliance checks to monitor compliance
Alan said: “These may sound like basic measures to take but it is amazing how many times people leave sensitive information at risk when they are not at their desk.
“A security breach can be catastrophic for a business with penalties even more punitive when GDPR becomes effective in May 2018 so it is imperative that everyone who works there is aware of the dangers.”
The General Data Protection Regulation (GDPR) calls on businesses of all type and size to protect their customers’ information so that their privacy is protected.
GDPR, which is set to replace the Data Protection Act 1998, will come into effect from the 25th May 2018. In the event of a breach, businesses found not to be compliant and cannot demonstrate that they took appropriate steps to abide by the regulation, could receive fines of up to 20m Euros or 4% of their annual turnover.
Alan advises businesses of all sizes on information and cyber security. AST Risk Consultancy & Training Services can be contacted at Web: www.astriskconsultancy.com E mail: firstname.lastname@example.org Tel: 07969-050393