According to an annual study conducted by the Ponemon Institute, as many as 43% of companies have experienced a data breach in the past year – a 10% increase from last year. As companies scramble to keep their names out of the headlines by bolstering up their security practices and protocols, it’s important to take a deeper look into the little things you can do to better manage privacy and security within your own company.
Here are a few things to keep in mind as you think about how to keep your company secure this year:
I. Host a Policy Refresher
Employees can be your company’s greatest asset, as well as the weakest link when it comes to upholding standard, security protocols. While it may seem obvious that an informed workforce is a more secure workforce, many employees aren’t always aware of the latest corporate procedures established to protect the organization. As the calendar turns, consider hosting a policy refresh course for all employees, regardless of level, to start the new year off strong. It will give you an opportunity to address any policy changes that may have been made in the past 12-months, speak to any industry-wide security changes and update the staff on the privacy and security tools at their disposal.
II. Protect Against Visual Hacking
While a lot of resources are spent protecting data from high-tech cyber criminals, many overlook other potential threats like visual hacking, a low-tech method that may be used to capture sensitive, confidential and private information for unauthorized use. If an employee is working on sensitive company or customer information outside of the office or in full-view of an office with employees who don’t have the same access, information is at risk of falling into the wrong hands. In fact, the 3M Visual Hacking Experiment, conducted by Ponemon Institute on behalf of 3M company, a leading manufacturer of privacy filters, found that in nearly nine out of ten attempts (88 percent) sensitive corporate information, such as employee access and login credentials, was able to be visually hacked. In addition to providing employees with the right tools, like privacy filters, it’s important to educate them on the potential risks of a visual breach and incorporate the need to protect visual privacy in corporate security policies.
III. Rethink the Open Floor Plan
As a means to increase productivity, many organizations are creating open workspaces, allowing employees to work within a more free-flowing setting. While it may work for some, an open floor plan comes with it’s own set of privacy and security drawbacks. By taking employees outside of the confines of their cubicle or office walls, it becomes all too easy for vendors, third-party workers or even malicious, opportunistic employees to see confidential information from a device screen or hard-copy file. This office configuration can needlessly put your employees and data at risk. If you have, or are moving to, an open floor plan it is critical to assess how the set up will affect your company’s security procedures and make sure that privacy protocols are updated to reflect what information can be worked on where and when to better secure corporate information.
IV. Prevent Social Engineering
Employees may succumb to a social engineering attack because they were simply trying to be helpful and nice. However, that same employee can be the “in” a hacker needs to launch a more widespread attack on the company’s system. Before this happens within your organization, take the necessary steps to teach employees about the impact of social engineering and how they can be part of the solution to prevent it. Show them examples of what a typical phishing email looks like, make participating in social engineering trainings mandatory so that someone doesn’t accidentally give away corporate information over the phone, and incorporate best practices for how to deal with a social engineering attempt in official corporate policies. The more your employees know about potential risks, the better equipped they will be to protect themselves – and the company.
For more information on 3M privacy products and how to protect your organization from visual hackers, please log on to www.3Mscreens.com/visualhacking