When thinking about securing your business from cyber threats, the mind quickly turns to phishing, hacks and viruses, but there are many security threats in and around the office that can expose your business to a host of threats and cybersecurity issues. In conjunction with a solid cybersecurity solution provided by your MSP, be sure you and your employees follow these office tips to protect your physical workspace from system comprises, unauthorised breaches and data loss.
1. Unlocked devices
Mobile phones, laptops, desktops, tablets and even printers/multi-function devices should all be locked and password protected when unattended, as these (and any other) network-connected devices can be comprised, allowing for unauthorised access into your system or unauthorised removal of data from it. Even though most devices lock/power down after idling for some period of time, create an office culture where locking devices becomes second nature for all employees. It’s not that you don’t trust your colleagues, it is just being safe.
2. USB Drives
USB drives pose a host of security issues and we don’t like them at iTeam. Unknown drives should never, ever be used, as they could easily contain hidden malware or spy software that could steal data or install ransomware on your network. However, those drives that you do use for normal business functions must be recorded and kept under lock and key so they are not compromised with malware, misplaced or stolen. USB drives make it far too easy for curious eyes or unauthorised users to get a peek into sensitive or confidential business information and are unfortunately left behind in public places (airports, coffee shops, etc.). Make sure any and all USB drives used in your business are cataloged and their whereabouts known at all times—or perhaps look to cloud solutions for sharing/transporting data and ban the use of them completely.
3. Paper Documents
What may be innocuous to your employees could be valuable to others who want to infiltrate your systems. At the end of the day, be sure that papers, reports, financial records and any other proprietary data is off the desks and locked away. When they are no longer needed, shred any documents with financial records, proprietary data or confidential information. And of course, to minimize the problem, go paper-free wherever possible.
It’s a common occurrence, even in the face of many strict cybersecurity policies, but many employees use notes or cheat sheets for the various usernames, logins and passwords they require for day-to-day work. Nothing could defeat the purpose of a password more easily than doing this, and leaves the door wide open to anyone who accesses your office to gain entry into your network and systems. We recommend the use of a software-based password management system to prevent this risky behaviour. It may not be as quick to access those important passwords as writing them on a sticky note, but is far more secure so just get used to doing it.
5. Wallets and Keys
Just as easily-accessed passwords are a threat, wallets and keys that are left on desks during meetings, bathroom breaks, lunches, etc., can all leave your business exposed to unauthorized entry. Pay special attention to this if there are areas of your business under lock and key, or if ID/keycards are used, as these are typically kept in wallets. Lost keys and access IDs can quickly lead to tampered or duplicated methods of access, so if need be, offer lockers or secure places where employees can store their personal belongings while they work.
So as well as considering technical measures to guard against cyber threats, consider these security best practices. They are largely not about spending money but changing your workplace culture to become more aware of how physical security and cyber security can help protect your business.
I’m always happy to talk about how iTeam might be able to help you look after your data and systems more securely. Please get in touch if you think we can help.
iTeam Solutions Ltd