New information security practices create opportunities and challenges for employees
CINCINNATI, Nov. 16, 2015 /PRNewswire/ - In recognition of International Fraud Awareness Week (November 15 – 21) and as an official Fraud Week Supporter, Shred-it is looking back on the past three decades to explore how changes in technology make our lives easier, but expose us to new risks.
Drastic changes to the way offices work and developments in technologies have improved productivity and made information storage easier, but they come at the cost of higher potential security risks.
"In the last 30 years the nature of office work has changed dramatically and the risk profile of the average business has changed along with it," says Bruce Andrew, SVP, Shred-it. "While many of those changes have made certain office tasks easier or improved employee productivity, they have also introduced threats unlike any workers have faced before. Without understanding the implication of these changes, employees may have difficulty identifying new potential threats of fraud."
Below, Shred-it compares elements of office life in the late-80s against the current environment and identifies the risks that have evolved as technological advancements have been adopted:
- Hard Drives and Printers: Then, printers, photocopiers and fax machines were all separate devices that stood alone and may or may not have been connected to an internal office network.
Now, all-in-one machines can print, copy, fax, scan and email, and interact with computers in and out of the office. After 2002, these devices also came standard with sizable hard drives that store images of businesses' confidential information1. If businesses don't remove and destroy hard drives before selling or scrapping an unused device, they risk their confidential data being accessed by unauthorized people.
Solution: Old or unused printers should have their hard drives removed before being sold or scrapped. The hard drives should then be destroyed to ensure that confidential data is irretrievable by potential fraudsters.
- Open Concept Offices: Then, workplaces would be composed of a mixture of cubicles or exposed desks for staff, and lockable offices for managers and executives. The most important and sensitive data was secured in those offices throughout the day, and when employees left for the evening.
Now, there is a rising trend of open concept offices among companies of all sizes. While open concept offers benefits such as higher productivity and better collaboration, it also introduces serious information security risks. Some areas of concern include visual hacking—viewing confidential information for unauthorized use—and device and document theft.2
Solution: Companies should introduce clean desk policies, which ensure that documents are securely stored in locked filing cabinets, and ban deskside recycling bins to limit the data exposed to unauthorized viewing.
- Mobile Workplace: Then (1988), a Toshiba T1200H laptop weighed 14 pounds, had a 20MB hard drive and cost $7,128 (2008 dollars)3. Needless to say, the average employee wasn't able to take much of their work home with them, and if they did, the amount was strictly limited.
Now, offices issue employees laptops, phones, and storage devices with storage capacities that allow an immense amount of information, including confidential data, to walk out the door each night. A single lost or stolen laptop has the potential to seriously damage any business.
Solution: Strict information security protocols and procedures are a necessary component of any modern office. Employees must understand and take appropriate precautions when removing any data from their workplace, including not leaving hardware or materials in vehicles, encrypting phones and hard drives, and activating passwords on electronic devices.
- Digitization and Cloud Space: Then, businesses used to store important information as printed documents or in massive databanks that could take up immense amounts of space. Such rooms were either off-site or secured onsite and had restricted access.
Now, much of our information can be stored on our laptop hard drives, USBs, external hard drives or cloud networks. Each of those technologies put organizations at higher risk due to the fact that they can easily be lost, or accessed by hackers. It is also difficult to keep track of storage devices when employees leave an organization. 4
Solution: All devices should be encrypted to protect the confidential information stored on them. Once out of use, the devices should be securely destroyed. It is also important to keep track of where all storage devices are at any given time. Fulsome policies and procedures can help protect an organization from a harmful data breach.
Business leaders need to acknowledge the way workplaces have changed and take action to introduce policies and procedures that will help reduce the risk of fraud. For more information on Shred-All and Clean-Desk policies, please visit the Shred-it Resource Centre.
Shred-it is a world-leading information security company providing information destruction services that ensure the security and integrity of our clients' private information. A wholly, owned subsidiary of Stericycle, Shred-it operates in 170 markets throughout 18 countries worldwide, servicing more than 400,000 global, national and local businesses. For more information, please visit www.shredit.com.