In the 2016-2017 calendar year, data leak and confidentiality breach statistics soared. According to an InfoWatch report, 80% of all leaks for 2016-17 were business-related and almost 70% of those leaks and losses happened due to the actions of an employee or executive. Hacks and viruses cover only a minor portion of all leaks. Most data security issues are usually non-tech in nature and concern the daily routines and behaviors of employees at all levels.
Here are some basic steps you can take to reduce your vulnerability to data breaches and information theft:
- Identify the weak points of your office’s processes by thinking skeptically. Ask your staff what they find to be your office’s weakest points for data security. If you feel there is tension and people are reluctant to speak out – organize private sessions and assure your employees that they’re not under investigation for “past sins”. Allow them to communicate their feedback without threat of retaliation. Nobody knows your office better than the people working in it.
- Your office’s reception table should be cleared of all papers. Your visitors, no matter how familiar and trusted, should have zero access of any kind to correspondence your office receives. Also, if you maintain a registration log for visitors, make it digital – on a laptop or iPad, for example. Converting all office-visit data to electronic form not only makes it confidential but also easier to track and analyze.
- Constantly remind your staff to save files in a cloud drive instead of physical hard drives. Ideally, PCs should be used as a tool for internet access only and not for storage. In this case, if a laptop is stolen, broken or hacked, the loss is restricted to the cost of one device while various other valuable business assets remain safe. Today, the internet offers a wide range of options for moving your business onto cloud storage services – from the well-known Google Drive to much more sophisticated services featuring Pentagon-approved security standards.
- If you feel your company isn’t yet ready for a mostly paperless transition, try electronic signatures instead of traditional paper signatures. Electronic signing offers several advantages over the traditional paper and pen. First, it is faster and more secure. Second, documents signed online are safely stored and can be easily retrieved whenever necessary. Finally, an electronic signature is immeasurably more consistent than a signature made by hand.
- Research the performance history of your internet provider before signing a contract and on a regular basis while under contract. Search to see if the company was ever, or is currently, involved in any data breach scandals. How safe do other customers feel providing their personal information to this provider? The same applies to other service providers, especially those working with your most sensitive information. In 2017, one of the most popular e-signature providers was hacked due to a spam campaign compromising its security apparatus. As a result of the attack, over 1 billion user profiles with partial data on names, addresses and social security numbers were exposed.
- Discourage office use of USB drives. By some estimates, more than 70% of all leaks occurred from information being passed via USB drives. These leaks may not be intentional, but a USB drive is one of the easiest and fastest ways to lose data on a commute between your office and home or while traveling. One of the most recent data breach scandals, concerning Heathrow Airport and a leak of royal data, happened because a memory stick with highly sensitive information pertaining to the Queen’s airport route was dropped on the street.
- Educate your employees. Plan meetings to analyze typical mistakes made while working with sensitive data. Review cases of data security breaches and any details that were made publicly available. Apply the events of the incidents to your office – are you vulnerable to them as well? Why or why not? How should people at various positions react and why? Start small by scheduling a short meeting with employees and dedicate it to the simple issue of setting passwords. You may be surprised to find out how many people in your office still use QWERTY, 123 or their dates of birth as passwords to access the most confidential and valuable data of your company.
- Meet with your staff and decide on what can be posted online and what is not acceptable. Organize a special meeting with all employees to discuss what types of information pertaining to daily office life are appropriate for sharing on social networks. People tend to post photos rather carelessly, thinking only about their appearance while ignoring background details. The latter may contain highly sensitive data such as passwords, bank account digits, client phone numbers, etc.
A business’s office life may never be perfect for every employee, but with minimal effort, your company’s data security and the protection of your clients’ most sensitive information can be greatly enhanced.