By Tina Costanza
More than half of business executives who reported a data breach cited the main cause as human error by employees, Shred-it’s 2019 Data Protection Report suggests.
Now, during COVID-19, with many employees working remotely, organizations are potentially more susceptible to events such as data breaches and fraud, for a variety of reasons, says Michael Borromeo, Shred-it data security expert.
“Being at home adds another location where information can be unintentionally leaked to outside sources — unsecure Wi-Fi connections and mobile apps, negligent caring of documents, visual theft and improper disposal of confidential information are all risks heightened when out of the office,” says Borromeo.
“Additionally, employees are less likely to have the same disposal methods or equipment necessary for properly destroying files as they would if they were in-office, increasing the risk of confidential work information leaking. The garbage or recycling bin is no substitute for a secure shredding box typically found in an office.”
Other common data security mistakes include using the same weak password for everything; leaving computers unlocked and unattended, even at home; clicking on malicious links or email attachments from unknown senders; downloading mobile apps to work phones without reviewing them carefully, including privacy policies and settings; and using sticky notes and scrap paper to write down confidential information (often left in easy-to-see locations).
There are several ways organizations can protect their data, however.
Borromeo says the most important way is by prioritizing data security in the workplace and setting a standard for employees. Conduct a regular review of information security policies, which includes both computer security measures (passwords, encryption, firewalls, anti-virus software, event monitoring tools, etc.) and physical security measures, such as a clean desk policy, in which sensitive information is kept out of view by being safely locked away.
“Stay up to date on compliance requirements,” Borromeo adds. “Depending on the industry and type of data, an organization may be subject to a broad range of privacy laws and legislation.”
To protect data while working from home, employees can take steps such as encrypting files; never leaving devices unattended; and only using secure networks and applications. When it comes to data or documents that contain sensitive information, ensure they are completely disposed of and irretrievable when no longer needed, says Borromeo.
And be careful about what lands in your inbox.
“Cybercriminals have been using fears of the pandemic to trick people into opening COVID-related phishing emails that install malicious software on their computers to obtain access and steal sensitive data,” Borromeo says.
These criminals have different motivations for stealing confidential data.
“More often than not it’s for access to specific information that furthers a personal or professional motive, which is often financially driven. Having access to personal, financial or even health data can allow them to monetize this information on the black market, for other companies and more,” Borromeo says.
He also advises organizations to role-play scenarios with employees to prepare everyone for a cyberattack.
“Have a response team in place that consists of members of senior management, IT, legal and human resources. What’s most important is an immediate response and everyone knowing their responsibilities in advance. There should be ongoing security awareness training for all employees, as well,” says Borromeo.
“At Shred-it, we know that when security policy and training become part of an everyday routine for employees, the risk of a data breach can be greatly reduced, even in stressful circumstances.”