July 12, 2018
Having a state of the art cybersecurity system that protects company-owned devices doesn’t mean your organisation is immune to security gaps. There still might be security risks that you are not aware of, and this could lead to data loss, security breaches, and violations of privacy laws.
With the PDPA clamping down on organisations who are lax in their treatment of personal information, every company should take the necessary precautions.
1) Careless Employees
Often security issues can be pinpointed back to one employee who made a mistake. Studies suggest that up to 95% of information security breaches involve human error. Some of these errors can include easy-to-guess passwords, lost devices, accidental disclosure of information by email, unnecessary printing of sensitive information, leaving confidential papers unattended and improperly disposing of documents.
One of the best ways to handle this is to use automated safeguards such as password management, identity and access management, network access rules and rigorous processes and procedures for all data across all media. Encourage your employees to have secure work habits through awareness campaigns. For example, the Shred-it all Policy, if properly embedded, directs employees to securely destroy all documents when they are no longer needed, thus reducing the risk of a data breach.
2) Mobile Devices & Internet of Things (IoT)
Singapore is one of the top Asian countries in terms of technological advances, so it’s no surprise that our mobile workforce is growing, and it does not look like this will change anytime soon. Mobile and IoT devices are therefore a prime target for cyber criminals. With the right equipment, access to mobile devices is easy and apps pose a huge IT security risk, with hundreds being found to have security issues in 2016.
The best way to prevent a security breach on mobile and IoT devices is to implement a well-supported mobility and security awareness program. You can also choose to teach best practices to your employees on how to recognize and respond to suspicious text messages, also known as SMishing. It is also best to create a list of approved apps and limit the number of apps on your phone.
3) Insider Fraudsters
According to the Global Fraud and Risk report by Kroll, 2016 saw a hike in the number of fraud and risk incidents. In the cases, when the perpetrator was identified, 81% of them were insiders. The 2016 Global Fraud Study showed that a lack of internal controls was the most prominent contributing factor leading to fraud in organisations.
One of the best ways to detect fraud in the workplace is through tip offs given by other employees. By providing a reporting hotline, employees will be able to share information that could help reduce the risk of fraud. Another way is by implementing a Clean Desk policy. This way, security risks will be managed by encouraging employees to not leave confidential information out in the open and creating a security conscious working environment.
4) Breach Response
When a breach hits an organisation, some find themselves unprepared in how to respond. The damages inflicted becomes much larger and can lead to damaging loss of credibility for the organisation, especially when the organisations take a longer time to detect and remediate breaches.
One thing an organisation can do to reduce information security risk is to form an internal incident response team to ensure that there are up-to-date controls in place and create a comprehensive incident response plan. By having a plan in place, everyone will be prepared on the necessary steps to take when a data breach occurs.
There are many different ways to minimise the risks of data breaches, whether it be an upgraded cybersecurity system or a Clean Desk Policy. The important thing to remember is that data security encompasses physical security as well as digital security and that the best security also looks into the human element for a truly holistic approach.
If you would like to review your security requirements please contact a Shred-it representative to book your FREE Data Security Survey and quotation.