5 Common Information Security Gaps in the Workplace
Do you know where the information security risks are in your organisation?
Weak links in your policies and processes are an information security risk and can lead to data loss, security breaches, and heavy fines for falling foul of data privacy laws.
One of the best ways to find out is to carry out a Security Risk Assessment. It will identify data security risks and show where an organisation can implement safeguards to protect itself.
Here are 5 of the most common information security gaps in the workplace today.
1. CARELESS EMPLOYEES: Studies suggest that around a quarter of information security breaches involve human error. Using recycling bins in the office can force employees to decide for themselves which documents are confidential and which aren't, leading to sensitive data being disposed of insecurely. Other common errors include system misconfiguration, poor patch management, easy-to-guess passwords, lost devices, accidental disclosure of information by email, clicking on phishing links, and leaving computers unattended.
Solutions: Use automated safeguards such as password management, identity and access management, and network access rules. Support secure work habits with awareness campaigns. Embed policies like a Shred-it All Policy, which directs employees to securely destroy all documents when they are no longer needed.
2. INSIDER FRAUDSTERS: Three quarters of companies have had a fraud incident in the past year, according to the Kroll Global Fraud Report 2015-2016. Where fraud occurred and the perpetrator was identified, four in five (81%) were insiders. The 2016 Global Fraud Study reported that the most prominent organisational weakness contributing to fraud was lack of internal controls. It was cited in almost a third of cases.
Solutions: Provide a reporting hotline, as the most common detection method of fraud in the workplace is tip-offs. Managing security risks also means putting policies in place to reduce the amount of confidential information left out in the open. Partner with a document destruction leader that has a secure chain of custody. Implement a Clean Desk Policy, which helps protect confidential information in digital and paper formats.
3. INTERNET OF THINGS (IoT): The Internet of Things (IoT) is set to grow as both organisations and individuals adopt IoT devices. Unfortunately, the devices used to collect the data aren't always secure.
Solutions: Reducing IT security risks should be an organisation-wide commitment, supported by IT security tools and monitoring and by training employees on safeguards.
4. MOBILE DEVICES: The growing mobile workforce is a target for cyber criminals. With the right equipment, they can access nearby mobile devices easily. Small, compact mobile devices are easy to steal. Also, apps are a huge security risk – according to the Mobile Threat Report, hundreds of apps were found to have security issues in 2016.
Solutions: Implement a well-supported mobility and security awareness programme. Teach best practices such as how to recognise and respond to suspicious text messages, known as SMishing (don't click on links). Control devices, and limit apps to an approved list.
5. BREACH RESPONSE: Research including the 2016 SANS Incident Response Survey has shown that the quicker an organisation can detect and remediate breach incidents, the less damage the breach does. Malware still holds the top spot as the underlying cause of reported breaches.
Solutions: An internal incident response team helps reduce information security risk. Create a comprehensive incident response plan so that everyone knows what to do when a breach occurs, and make sure up-to-date controls are in place.
A reliable document destruction partner will recycle paper documents after secure shredding.