Cyber security has become a huge concern for businesses today, with valuable customer and corporate data accessible to determined individuals through a variety of avenues. Today, there are numerous digital and physical security risks posed by users who do not properly erase data before disposing of commonly used office equipment and devices. In order to keep personal, company, and other sensitive information out of the wrong hands, basic security best practices must be upheld from the IT department down to the employees.
In tandem with a joint study with DePaul University evaluating the threats posed by second-hand technology and devices, McAfee created an interactive graphic to illustrate how security risks can infiltrate your office via devices that are not sufficiently wiped or secured. From human resources and finance, to legal departments, data can leak out if not properly protected. Below are some of the potential data leak hazards at the office and tips on how to solve them.
Trash Bins and Shredders
Unlike Vegas, what goes in the trash bin doesn’t always stay there. While seemingly innocuous, these receptacles can hold a variety of valuable and sensitive company information—from invoices to credit card statements. Despite all of the advanced ways criminals use to siphon information digitally, sometimes the most valuable finds can come from old-fashioned methods. A survey of identity theft victims found that 88% of the information collected was acquired through dumpster diving. Aside from documents recovered whole, sophisticated software can also be used to recover shredded items.
Avoid criminals who are willing to get their hands dirty by properly disposing of all CDs, DVDs, credit cards, and other corporate documents with a microcut shredder.
With all of the information created, shared, and stored on corporate networks, taking advantage of cloud storage offers many benefits including cutting cost and easy access. However, cloud storage also creates a host of new security risks for businesses and 85% of executives still cite cloud security concerns as a main inhibitor to adoption. Potential risks include password sniffing, where a Wi-Fi sniffer is used to capture passwords and other sensitive information as it travels across the network.
In order to protect you network, it is crucial to use secure protocols like SSL or TLS for browsers. Additionally, a virtual private network (VPN) will add another layer of security when employees are accessing the server from remote, and potentially insecure, locations.
For many businesses today, employees use their mobile devices, like smartphones and tablets, interchangeably with their computers—and interchangeably between work and play. The freedom offered by these devices is a major incentive and allows workers to stay online wherever they are. Unfortunately, this convenience creates some serious security risks in the form of Wi-Fi hotspot attacks, mobile malware, as well as physical theft and loss. In addition, 96% of mobile devices lack the necessary security software needed to protect them from malicious activity.
If these internet-connected devices are not used safely there is the potential for data exposure and other serious consequences. All employee mobile devices, both corporate and personal, should be equipped with anti-malware, email and web security tools to thwart cybercriminals and regular criminals alike.
The three issues discussed above only scratch the surface when it comes to potential leaks for company data. The most crucial point to take away from all of this: Giving your devices and data a “deep clean” may not be enough. Double and triple check with both your IT department and device manufacturers for the process to scrub you data clean and keep it out of the hands of those with sticky fingers.