Information Security: Vulnerability

When talking about safety of information, “Security Breach” on a loudspeaker throughout a large bank where a heist is taking place seems to come to mind. Or, perhaps, when thinking of an information breach as a hacker typing furiously away in a dark room using complex algorithms to chew through the firewall system of a company.

Simply put, those scenarios are the smallest types of breaches. The bland truth of the matter is that most data breaches are either data stolen off a hard drive that was not encrypted or information that was accessed via file share by employees in an unsafe manner.

The Data Breach Investigation Report published by Verizon states that physical theft/loss and data misuse from employees compile more than one third of all data breaches. The theft, most often, occurring within the victim’s own work environment.

Understanding where the vulnerabilities lie within your own company, offices, technology, and employees will allow you to protect your business against them. Here are some guiding topics to assess your company’s vulnerabilities:

1: Device Security

Technology, such as tablets, computers, and cell phones, are tools that are best served when locked. Just as you would lock your home or your car door, technology requires a password. Additionally, just like a security system adds a factor of safety to your car and home, encryption adds a layer of security to your devices. These items we do not give a second thought to protecting, but we often we forget to protect one office item in particular – our printers, a commonly used office item.

Many different kinds of sensitive documents are fed through printers every day. It is easy to overlook the use of printers as a danger to security, especially for larger companies. However, printers operate by storing the information inputted into them, such as documents to be scanned, printed, or copied. If left unsecured, the information stored on printers is relatively easier to access than an employee’s computer, tablet, or cellphone. Without anyone noticing, almost completely anonymously, the information stored on printers can be swiped. Printers, if not protected, can leave your business doors wide open.

Fortunately, there is hope. Implementing protection on your company’s multifunction printer, such as a password to access the printer, is both possible and can be done for a low cost. Additionally, encryption of the printer’s hard drive or data overwrite can offer a further level of protection for the information that has the potential to be stored on the printer itself. The door to your company is once again closed and locked.

2: Employee Preparation

To error is to human. That is why giving your employees the best preparation, or training, they can get to know the ins and outs of data protection is necessary to maintain security throughout your office. Dull and seemingly common sense, security awareness is easy to overlook, but deadly to your business if done so. Security is in everyone’s hands, not just those that work in the IT or security department. Helping your employees understand their role in security is one of the most important ways to protect your business.

Guidelines are key. Common sense is not so common. Rudimentary and even mundane rules need to be communicated clearly and be reminded regularly. Even simple rules, such as not sharing or writing down passwords need to be explained and taken seriously by the leaders of the company.

Education on technology devices, such as the risk of using flash drives – small, portable, and easy to lose, is necessary for the employee. Educating employees on how to store USB devices and what brands to use (such as flash drives that provide encryption software) are good to mention. Other technology education may be needed for how to enter and exit the office properly, such as in the case as card access to the building. Additionally, educating employees about how to recognize and report any suspicious activity is a competency everyone in the office should know how to do.

3: File Protection from the Inside

It is a great start to think about protecting devices and educating employees on safe practices to secure your business from external threats. But, what happens when the threat comes from within? Even the best passwords and biggest firewalls cannot protect from internal theft.

Making information available to those who need that information is critical for your business to run smoothly. On the flip side, only giving access to information that is necessary to perform one’s job effectively is equally as important. Uncontrolled or unrestricted access given to employees could backfire, so making smart choices about who needs what information is crucial to mitigate potential internal threat.

Finding the cracks

Documents being stolen or lost is an issue everyone is familiar with, but equally as forgetful about. It is now easier than ever to share sensitive information with modern printing, electronic storing, and sharing applications. Stratix Systems can help you find the cracks in your file storage and protection and employee education and then fill them up to help your company run safely and smoothly.

The bottom line: If growing your business, while controlling costs, is on your mind, it’s time to talk with Stratix Systems.

 

Want to know more?

Our experienced systems experts would be happy to answer your questions, help you explore your options and develop a customized plan for you. Learn more at stratixsystems.com or call us toll-free 1-800-444-2943.

Scroll to Top