Security Best Practices — Are You Implementing Them?

Chances are you’ve done it. You left your computer unlocked while you ran to the breakroom, or perhaps kept important documents exposed on your desk while you headed out to lunch. This isn’t exactly uncommon, but it is a terrible habit to get into.

But wait — it gets worse!

According to Shred-It’s State of the Industry Report, 25% of workers have left their computers unlocked after leaving work for the day. That’s hours upon hours that the computer is accessible to anyone who happens to walk into that office. Now, let’s assume that this individual has admin rights. If someone wanted to, they could install malware on this device and spread it throughout the entire network. Or they could access confidential company data or employee/customer information stored on the device.

But this goes beyond locking the device. As mentioned above, we’ve all likely left a document on our desk that should’ve been locked up before leaving our workspace. As it turns out, 36% of workers have left sensitive documents exposed after leaving work for the day. This too has a security breach written all over it. What if this was a medical facility? Think of all the information held in a patient file that is being haphazardly left on the admissions desk or in an unlocked doctor’s office. I’m sure if it were your patient file, you’d be less than thrilled.

Preventing Human Error

Honestly, very few things are more difficult than preventing human error. You cannot control how others keep their workstations. You cannot control whether or not they lock their computer, or put sensitive documents away. So, what exactly can you do? First, you can mandate that any device with no recognized activity for 2-4 minutes automatically goes into “Sleep Mode”, and require a password to unlock it.

Unfortunately, you cannot magically make the file go into a locked cabinet after someone has left it out. Nor is it feasible to do walk-throughs of employee offices before leaving for the day. Therefore, it may be most beneficial for management to put into place a write-up policy for exposed sensitive documents. If an employee is written up a certain number of times, that is justification for termination of employment.

To be clear, these are not the only two risks. Employees who have passwords written down on sticky notes on their monitors, or saved in Word documents, are equally guilty. Employers are encouraged to invest in password vaults for employees, which removes the need to keep passwords elsewhere.

Conclusion

We get it — it can be easy to forget to do these things. It can also be hard to remember every single password you need to log in to various programs, applications, or systems. However, as an employee of any organization, you are held responsible for the data you encounter on a daily basis. That information may include proprietary information for the company, customer/employee personally identifiable information, other companies’ data, financial information, etc. Treat this information with respect and get in the habit of checking your workstation each time you leave it. This includes ensuring your devices are locked, and all sensitive data is removed from your desk and locked away in its proper place.

You’re also encouraged to take these best practices home: lock your home devices and secure personal information so that not every person who walks into your house can access it.