They are the things that people do in offices every day. Papers left on printers, computers unprotected, strangers allowed to roam unchallenged. The things that people think nothing about and yet they can be the cause of untold misery because they can lead to security breaches.
That is the message from Alan Stenhouse, who runs Scottish business AST Risk Consultancy & Training Services Ltd, amid growing evidence that unguarded moments by employees are the biggest cause of security breaches for businesses.
Alan, who has spent his career advising businesses of all sizes on security, said that employees need to be more vigilant when it comes to protecting sensitive information, adding that businesses must have a Clear Desk policy that is enforced.
He said: “Many businesses view security threats as coming from criminal gangs lurking in the shadows but the reality is that a thief will often look like everyone else.
“A lot of businesses are based in large, multi-occupancy corporate buildings and do not know everyone coming and going on a daily basis so there is a real need to be vigilant.
“We have all been in the situation where someone you do not know walks into an office but you do not feel confident enough to challenge them or you simply assume that a colleague has arranged for them to visit.
“Most of the time they will be there for legitimate purposes but why leave it to chance? Politely challenge why they are in the office and who they are there to meet. All visitors should be escorted when in business premises and be given a visitors badge which should be visible at all times.
“Also, you do not know who is in the building when your working day has finished so the last thing you want is sensitive information at risk should someone enter your office to undertake repair or cleaning activities.”
Alan has recommended some basic preventative measures that employers/employees can take:
Alan said: “These may sound like basic measures to take but it is amazing how many times people leave sensitive information at risk when they are not at their desk.
“A security breach can be catastrophic for a business with penalties even more punitive when GDPR becomes effective in May 2018 so it is imperative that everyone who works there is aware of the dangers.”
The General Data Protection Regulation (GDPR) calls on businesses of all type and size to protect their customers’ information so that their privacy is protected.
GDPR, which is set to replace the Data Protection Act 1998, will come into effect from the 25th May 2018. In the event of a breach, businesses found not to be compliant and cannot demonstrate that they took appropriate steps to abide by the regulation, could receive fines of up to 20m Euros or 4% of their annual turnover.