Experts estimate the recent IT security breach at Target cost the company $148 million. At the same time, the Heartbleed vulnerability put millions of users at some of the world’s most popular sites in danger of having their passwords compromised.
While these events have gripped the headlines, most data breaches are not the result of pervasive software problems like Heartbleed or sophisticated, large-scale attacks. Instead, they are caused by vulnerabilities created and worsened within the office security of the target enterprise itself.
IT office security does not come from any one policy or piece of software. Instead, business leaders should imagine it in terms of “deep security,” an environment where multiple forms of protection combine to safeguard crucial assets. In many cases, assets are compromised by human error at the office long before an attack takes place.
Everyone in an organization has a role to play when it comes to security. Leaders whose teams interact with sensitive data on any level must be prepared to recognize and take action against security problems even if their duties are far outside the scope of conventional IT.
Let’s consider the top office security mistakes:
Giving Too Many People Access
Do not give too many employees access to important, private business data. When people have access to information they do not really need, your business is at increased risk. The more employees you allow access, the more vulnerable endpoints there are, and the more you have to worry about IT protections and potential hacking. Do not make this mistake. Only allow data access to those few employees for whom it is essential.
Not Being Alert to Physical Security
Automated safeguards, such as firewalls, can lull workers into underestimating the risk of having their data physically accessed. One of the most common physical security blunders is leaving passwords written down on sticky notes on or near computers. Even your salon software password can be used against you. Desks and office doors should be securely locked after hours.
Not Securing USB Drives
It is easier than ever to carry work from one computer to another using USB “flash” drives. However, convenience has a price: Viruses can travel from home computers undetected. The most secure environments ban USB drives entirely. If drives must be used, make sure they have on-board virus protection and use passwords in case they are lost or stolen.
Not Using Appropriate Safeguards With “BYOD”
Now that more than half of all American adults own smartphones, “Bring Your Own Device” is a reality in many workplaces. A patchwork of different private devices can cause all kinds of office security headaches, so ensure all devices are equipped with basic safeguards before they can access your network. Most importantly, insist on a modern antivirus program set to check for updates daily.
Not Purging Data from Old Equipment
Most hard drives do not completely erase deleted information, but instead wait for that data to be overwritten as new data is created. As equipment reaches the end of its life, it should go through a thorough disposal process. Formatting a computer isn’t enough: also make sure specialized software is used to overwrite your deleted files with “junk” data that makes your information impossible to retrieve.
Not Using Appropriate Encryption
The connection between your corporate intranet and the wider Internet needs a strong firewall, of course, but safety doesn’t end there. Any and all connections by employees working remotely must be encrypted as well. As recently as 2012, more than half of all “data harvesting” attacks by hackers targeted data in transit, including data on its way to off-site employees.
Not Keeping Employees Up to Date
“Phishing” is a global dollar criminal enterprise because people routinely fall for it, handing passwords, bank accounts, and other sensitive data to suspicious websites. You would not start renting office space for small business without verifying that the renter was legitimate and professional. Why would you give your personal information out without doing the same? Employees must be trained to spot the signs of data collection attacks by email, instant message, and even by phone so they will not inadvertently cause a crisis.
Not Remembering The Importance Of Physical Security
When thinking of office security, many people immediately jump to IT security. But no amount of encryption will prepare your workplace for a burglary or other break-in. That is why you must remember to take physical office security into consideration. The best office security systems, like ADT Pulse or similar, help to protect your devices and hardware. This is the most basic protection you can provide, so that all your firewalls and encryption are not for nought. If you want to secure your office, its equipment, and its data all at the same time, make sure to have an office security system installed.
Creativity and vigilance are the cornerstones of IT office security in the modern workplace. Motivating every member of the team to see office security as a vital part of daily operations will improve your overall protection enormously.
Image from http://securityintelligence.com/heartbleed-openssl-vulnerability-what-to-do-protect/