July 28, 2020

Data Protection: How Simple Habits Pose Security Risks

The common perception today is that security risks generally come in the form of hacking of computer systems as well as social engineering attacks. However, what you may not know is that there are some more innocuous factors that could undermine any data security plans, such as personal habits.
 
It was in fact reported on ZDNet that Singaporean workers on #WFH were likely to be aware of their organisation’s security rules - but went ahead to disregard them anyway1.
 
Every employer has a part to play in safeguarding confidential information and it is crucial that we fix common practices that inadvertently expose ourselves to a data breach. Below, we set out three common habits that may prove a vulnerability.

Using Insecure Passwords For Convenience

Attitudes towards passwords remain lax despite years of advisories, with the BBC reporting that “123456” had been used in 23 million instances of breached passwords alone.2 In Singapore, it was reported that a moderator account on an online forum had been breached after the password was discovered. Further investigations uncovered that the password had not been changed for ten years.
 
To protect our personal information, a secure password consisting of a mix of letters, numerals and symbols should be utilised. Passwords should not incorporate easy to guess information. Organisations can also mandate the usage of multifactor login methods, which provides extra security in case a password is breached.

Not Tidying Up Your Desk

In an office environment, the large amount of data stored in a single location means workplaces are vulnerable targets for data mongers, thieves and hackers alike. In addition, owing to the COVID-19 pandemic, more businesses will be seeking to relook fixed overheads such as office space owing to reduced utilisation of the space. This means businesses may consider downsizing their current space, potentially moving to shared office spaces which are shared by multiple parties external to an organisation3.
 
Implementing a clean desk policy and a Shred-it All policy in our office spaces can go a long way in ensuring that confidential data is not seen by other organisations sharing the same space.

The Tendency to Overshare

Our innate need to share the latest happenings with those around us can also prove to be a little-known weakness in our data security. This is illustrated by past cases, both from within the public service, as well as in private settings.
 
In any organisation it is important for employees to be aware of the processes in place when managing personal data. Employees should refer to their organisation’s data protection officer (DPO) to clarify any doubts.

Mitigate the Risk of Data Breaches

No organisation or industry is immune to the fallout of a data breach. In addition to financial sanctions, data leaks also result in a tarnished reputation, and may result in further losses as organisations need to begin the long process of rebuilding and regaining the trust of their customers.
 
Organisations should not be complacent and take an “it is likely to happen” approach when it comes to data breaches. Vulnerabilities can arise from the most innocuous of habits. In setting out data protection policies, organisations should look at the measures in place to protect both digital data, as well as physical data in the form of documents and hard disks.
 
Shred-it can help you to assess your organisation’s risk exposure to data vulnerabilities. Contact us today to mitigate the risk of a data breach.

 

 

 
Disclaimer
 
This article is provided for your convenience and does not constitute legal advice. Readers should not take, or refrain from taking, actions based upon the content of this article. Prior results do not guarantee similar outcomes. Please seek professional legal advice.
 
1ZDNet (2020) Remote workers in Singapore aware of security rules, but still break them anyway. [ONLINE] https://www.zdnet.com/article/remote-workers-in-singapore-aware-of-security-rules-but-still-break-them-anyway/ [Accessed 23 July 2020]
 
2BBC (2019). Millions using 123456 as password, security study finds. [ONLINE] Available at: https://www.bbc.com/news/technology-47974583 [Accessed 15 July 2020]
 
3CNA (2020). Commentary: COVID-19 will reshape the Singapore office property market outlook [ONLINE] Available at: https://www.channelnewsasia.com/news/commentary/coronavirus-covid-19-singapore-office-coworking-property-reits-12745050 [Accessed 23 July 2020]