Commonly held myths about information security can lead to a potential data breach and ultimately have a big impact on a company’s bottom line and reputation. However, these breaches can be avoided when businesses provide their employees with the right training and tools to separate fact from fiction and responsibly manage confidential information.
A recent study shows that 23 percent of data breaches in the past year were caused by human error, yet according to the 2016 Shred-it Security Tracker information security survey conducted by Ipsos earlier this year, only 57 percent of US C-Suite respondents say they train employees more than once a year on how to remain compliant with their industry’s legal requirements for the storage and destruction of confidential information. Results are similar on the small business front, with 28 percent of US small business owners reporting that they never train employees on how to remain compliant with legal requirements or company information security procedures and 22 percent only conduct training on an ad-hoc or as-needed basis.
“Without training and education on how to safely manage, store, and destroy confidential information employees may be unaware of their responsibilities and how their actions can open their business or customers to fraud,” said Andrew Lenardon, Global Director at Shred-it International. “Businesses need to help their teams become more aware of the risks associated with mishandling confidential information to avoid penalties, fines, or damages to their reputation caused by poor information security
Shred-it sets the facts straight on 7 common information security myths:
Myth 1: Erasing data from a hard drive completely removes the information.
Fact: Simply deleting confidential electronic records does not ensure the data stored on the hard drive is completely gone. The only way to ensure confidential information is protected is to remove and destroy the hard drive before the device is resold, recycled, or disposed.
Myth 2: It is safe to dispose of confidential information, as long as the paper is torn into little pieces.
Fact: Torn paper can easily be removed from an unsecure bin and pieced back together. Organizations should have locked disposal consoles and require all documents to be shredded.
Implementing a Shred-it-All policy eliminates the guesswork of what is and isn’t confidential and ensures employees don’t accidentally leave confidential information in an unsecure bin. In addition, shredding also has an environmental benefit because all shredded paper is recycled.
Myth 3: You can confidentially enter personal information on a website if you recognize the source or the sender that sent you the link.
Fact: Scam emails are often designed to look real and may insist that personal or corporate information is needed. Business or personal information should never be entered into a link from an email, even if the site appears credible. Experts recommend typing the website in directly or navigating to it via bookmarks.
Myth 4: You can use your own smart phone or another device at work, as long as it is password protected.
Fact: Although it’s common practice for employees to use their own devices for work, personal devices can create a number of security-related issues. Even if they are password protected, all devices should be encrypted to protect the confidential information stored on them. Bring your own device (BYOD) security programs should also be in place to protect the pathway from the personal device to corporate systems.
Myth 5: Keeping material on my desk at work is safe.
Fact: Untidy workstations pose a threat because loose paperwork on desktops can be vulnerable to snooping and data theft. Organizations should implement a Clean Desk policy and require all documents to be stored in locked filing cabinets when employees are away from their desks.
Myth 6: Messages on smart phones or laptops are private.
Fact: Visual hacking of information on mobile devices can occur almost anywhere. Organizations should provide employees with privacy screens for laptops, tablets, and other mobile devices to keep confidential information safe from prying eyes.
Myth 7: Public Wi-Fi is safe if it is password protected.
Fact: Even when password protected, shared or public internet connections can still expose valuable information to data thieves and hackers. Never use public Wi-Fi for sensitive work information. Organizations should establish policies that encourage employees to connect only to trusted networks for work purposes.
Conclusion
Without the right training on how to work with confidential information, employees may be unaware of their responsibilities and the security risks their actions can bring to the business. By debunking myths and banishing information security bad habits, organizations will be better able to protect their customers, their reputation, and their people.
