When it comes to protecting our personal and financial information, our thoughts typically jump to tech-savvy scammers who send email viruses, hack databases, or try to steal our credit card information online. And while these bad guys abound, some thieves prefer doing things the old-fashioned way.
Tech guru and CEO of Stickley on Security, Jim Stickley, shares four ways you can protect your confidential information by changing the way you do things at the office.
When people think of physical security, they most often think about the doors and windows being locked, the alarm being set, and the cameras being activated. However, when it comes to confidential and personally identifiable information (PII), those security steps are just the beginning.
Each employee has the potential to inadvertently leak confidential data numerous times throughout the day, and often it’s the smallest mistakes that lead to a complete corporate breach.
To reduce that risk, this article outlines some of the more common areas where mistakes are made and what you can do to avoid them.
In most organizations, printers are kept in common areas and shared by multiple employees. The problem occurs when documents are printed that contain confidential information. The most common mistake is when an employee prints the document, but does not immediately go to the printer to retrieve it. The longer it remains unattended at the printer, the more opportunity exists for that document to end up in the wrong hands.
There have been many cases where I have gained access to a facility under the pretense of performing a pest inspection, as an air conditioning repairman, or one of dozens of other disguises. While in the facility, I continually walk by the printers in hopes of finding any unattended documents. When I see them, I grab them and place them in my bag. As for the employee who printed the document, he or she generally assumes that if it’s not there, the printer had a problem and it is simply printed again.
The best way to protect against this type of breach is to be ready to collect your document as soon as you print it. When you click the “print” button, immediately get up and go to the printer. Don’t assume that it’s fine to check on it in a few minutes, because sometimes you will receive a call or encounter another distraction and that document may end up on the printer for hours, just waiting to be seen by not-so-friendly eyes.
Whether you are in a cubicle or an office, your desk is generally your main work area. As the day progresses, papers begin to accumulate. The problem with this is that many of these papers contain confidential information and with just one small mistake, they can end up in the wrong hands. None of us likes to think that someone snoops around our desks when we are away. However, when I have been hired to rob a facility for testing and am onsite, the minute I see a desk unattended I go to it and use my phone to take pictures of every document left lying out. It’s simple and takes just a few seconds. In the meantime, if the employee returns, I make an excuse for being around the desk and then walk away. No one has any idea that all the information left on the desk has just been compromised.
The simple solution is to never leave your desk unattended with any documents containing confidential information or PII lying out. Simply placing them in a drawer will be enough if you are just stepping away for a minute. Of course, locking them up is the right process if you will be gone for a longer period of time.
By now everyone knows that confidential information should be shredded and never thrown in the trash. Yet, most recycle bins and dumpsters at organizations throughout the United States end up with a handful of documents containing confidential information each week.
How is that possible? Once again it comes down to simple mistakes. The most common one: an organization has one or two shred bins located in the facility, and employees are expected to place items that need to be shredded into the bins. Because employees get busy, they do not always have time to get up and immediately walk over to the shred bin each time they have a document to discard. Instead they set it on their desk with a plan to dispose of it later. Unfortunately, those documents sometimes end up mixed in with others that do not require shredding and ultimately find their way to the recycle bin or trashcan.
It is important to note that recycling is not shredding and should not be treated as such. In other cases, an employee may have a box located under his desk where he throws all items that need to be shredded, and at the end of the day he is expected to empty that box into the main shred bins. All it takes is to forget to empty the box and those documents are now accessible to the cleaning crew or other after-hours visitors.
When disposing of documents, it comes down to two simple tips to eliminate any risk.
First, plan to shred all documents that contain any confidential details or PII. Even documents with a person’s name, including used envelopes, should be shredded. Your goal is to ensure that there is nothing in the trash or recycle bin that in any way could tie an individual back to your organization.
The second step is to shred the document the minute you are finished with it. Yes, that means you may be taking numerous trips to the shred bin, but ultimately the extra amount of time will be far less than the time required to deal with a situation in which confidential information ends up in the wrong person’s hands.
Lock Your Desktop Computer
One of the simplest and yet most often overlooked steps to keeping confidential information secure is to lock your computer whenever you walk away. People often assume that when they walk away from their desks, anything still there, including that computer, is safe.
The reality is that it only takes a few seconds for a criminal with physical access to the facility to use the web browser on your desktop to download malware to your computer. Even if you have your own office or a co-worker is sitting right next to your desk, a skilled criminal will not be deterred.
Fortunately, out of all the physical security concerns, this is the easiest to address. Whenever you are about to walk away, simply lock your computer. On a Windows computer, this is as easy as pressing the “Windows” key and the letter “L” at the same time. On a Mac, you can put your computer to sleep by pressing the Option-Command-Eject keys on your keyboard (note that you will need “Require password when awake from sleep” turned on).
Protecting confidential information through physical security requires the work of all employees. Remember that it only takes one document ending up in the wrong hands to lead to a breach of customer information. By following the simple tips provided in this article, you can help to greatly reduce the risk to your organization.