Your security practice is probably fairly complex, which can be both a good and a bad thing. With many different areas to worry about, including mobile devices, servers, and network security, it can be easy to forget about a few areas when it comes to information security. Security experts today often spend most of their time on the technical aspects of security, such as antivirus, antimalware, Spam filters, and firewalls, and they often either ignore or pay less attention to other areas of your business that can lead to a potential security breach. Below are 5 areas of your business that are often overlooked from a security standpoint.
A few years ago, security experts named office printers and MFPs as an overlooked information security issue. While most businesses apply some layer of security to their printing devices, printers still can lead to major data leaks. One concern is print jobs that are left or abandoned on at a printer. Not only does this represent waste, it can also be a security issue if sensitive data is inadvertently picked up by the wrong employee. Many MFPs employ technology that prevents this from happening. Tools such as PaperCut by Konica Minolta and other smart print technologies employee an access based system where print jobs are only printed once an employee scans a security fob or access card. This stops sensitive data from sitting unattended, which can significantly boost your security stance.
When is the last time you reminded your employees about policies and procedures regarding office visitors and information security? Do all visitors sign in and out at reception? Are visitors escorted at all times? Many employees get used to visitors, whether it be a contractor, client, or prospective hire, walking around the office by themselves, yet most companies have policies in place for managing visitors that prevent this from happening. Office visitors can easily be exposed to private information, whether it be an unlocked workstation, a print job left on a printer (see above), or even the video screen of a meeting room. Remind your team about visitor procedures and make sure that they are followed.
Even in a digital age, whiteboards are still a primary method for creating new ideas as a team. Chances are that you have probably filled up a whiteboard with information on a new product or method, and rushed onto your next meeting without erasing the board. This can be an issue if employees who use the room after you have a visitor with them or should not have access to that information. Remind employees to erase whiteboards when they are done using them. It is the courteous thing to do, and it helps protect your business. Also, consider modern methods such as a Cisco Spark Board, which lets you collaborate in real time with remote and onsite employees.
When employees leave, you will immediately disable their primary account access, right? However, are you sure that you know about everything that employee had access to? Simple things like a social media password might go overlooked, and can lead to problems down the road. Security leaders should review offboarding processes frequently to make sure that they are up to date and don’t expose your business. This should also be applied when an employee is promoted or changes teams. Another way to prevent an employee from accessing a system after they leave is to enable Signal Sign On (SSO) for your critical systems. That way, when you disable one account, you are disabling everything they could access.
This is a big one. Phishing is still the number one way ransomware gets introduced into your systems. Train your employees on information security tactics early and often and on how to detect and avoid phishing scams. Post material round the office and on your company intranet. Do not assume that everyone knows how to spot a phishing scam. Also, try and foster a positive relationship between IT and the rest of your organization. Employees should not be afraid to approach IT to ask a question or report a possible issue.