A recent study conducted by Kapersky Lab found that the biggest security threat to most organisations are not cyber hacks or scams but ironically, their employees. The truth is, data breaches and leaks often stem from internal factors. The lack of consciousness of the (many) vulnerabilities in an office space potentially exposes an organisation to a security breach, and instilling proper habits and routines requires both employer and employee effort.
Two areas to focus on are physical data and e-waste security, and these are five spots in your office where either area may come under threat:
- Printer areas
Documents that may contain confidential information often get forgotten in printing trays or rooms. This means that anyone, including fraudsters – can get their hands on these documents, making a data breach imminent. A simple way to prevent this is to protect all printers with a password.
- Rubbish bins
Sometimes, it’s hard to discern which documents are confidential and thus, documents containing sensitive information may be accidentally tossed into open rubbish bins. It’s best to be safe than sorry – physically destroy all unwanted documents and implement a Shred-it All policy.
- Messy workspaces
As the to-do list at work piles up, so do the documents lying around a work desk. As a result, office visitors may be unintentionally exposed to confidential information. Organisations should enforce habitual desk-cleaning and document organisation with a Clean Desk Policy.
- Filing room
Common rooms often house sensitive documents, such as presentation decks and financial reports, making the area susceptible to security violations. Employees should engage in regular spring cleaning to declutter these common areas and keep them clean and secure.
- Storage devices
USB and Hard Disk Drives are two of the most commonly used storage devices in an organisation’s day-to-day operations. They contain an enormous amount of data and pose a great security threat as organisations tend to accumulate old drives and leave them lying around the office, or dispose them in dangerous ways. Even after a memory wipe, the data in these devices may remain retrievable. It is important for organisations to employ a Hard Disk Destruction Service to physically destroy all obsolete storage devices, rendering data unrecoverable.
To ensure continual security, organisations should appoint a Data Protection Officer (DPO) to oversee all data protection measures. The Personal Data Protection Commission (PDPC) has recently rolled out the DPO Competency Framework and Training Roadmap to develop DPO capabilities and better equip organisations with data protection measures.
As we are moving into the digital era, it remains ever important for organisations to have solid data protection policies and processes to ensure they remain compliant, and it is everyone’s responsibility to ensure the secure protection of all sensitive data.
Start Protecting Your Business
An organisation that integrates data protection into its business processes can reduce the data breach risk and PDPA non-compliance to the PDPA. Learn more about how Shred-it can protect your documents and hard-drives by contacting us for a free quote.