Recent events like the Colonial Pipeline shutdown illustrate the financial and legal ramifications associated with successful data breaches. Most companies now understand the need for robust digital security policies as similar high-profile cyberattacks continue to make headlines.
Unfortunately, the accelerated implementation of digital security measures has overshadowed the need for physical security. Yet, physical security is equally important as digital security.
A cluttered desk is a significant physical security risk and a playground for malicious actors. It may sound like simple common sense, but tidying your desk and work area is an often overlooked component of data security. It’s also the perfect place to improve your overall physical security habits.
The following list represents ten messy desk mistakes employees are prone to commit, which could cause irreparable harm to the business, the employee, co-workers, customers, and business partners.
10 Cluttered Desk Mistakes to Avoid for Improved Data Security
A messy desk makes it more difficult to realize something is missing, such as a folder with hard copy print-outs of customer lists. A cluttered desk means that the discovery of any theft will likely be delayed — perhaps by days or even weeks if the victim is out of the office or distracted by competing projects or priorities. Such delays make it challenging to determine who the perpetrator is and where the stolen material might be located.
Encouraging yourself, your team, and other coworkers to maintain a neat desk pays off in two ways. In addition to making digital and paper assets more secure, people with clean desks are more apt to be productive and happy because they can quickly — and safely — access the tools and resources they need to do their jobs successfully.
To improve your cybersecurity posture, let’s learn more about the top ten messy desk mistakes to avoid.
1) Leaving Computer Screens on Without Password Protection
Anyone passing by a computer without password protection has easy access to all the information on the device, the information on the company network, and other data storage locations from the device or user profile logged in. Employees with unlocked computers may be held responsible for disruption or loss originating from their workstations, so be sure to lock down screen settings.
2) Forgetting to Shred Documents Before Discarding
Any document may contain sensitive information, even if it’s not apparent at first glance. Information that may seem useless to many — such as old customer records, purchase confirmations, used boarding passes, or even your personal email address — could potentially be used in a cyber attack if it gets into the wrong hands. It’s best to shred or file every paper document rather than take a risk.
3) Failing to Close File Cabinets
Speaking of filing documents away, it's only effective if you remember to close the file cabinet afterward. Open file cabinets make it easy for someone to steal sensitive information and more difficult to realize a theft has occurred.
Better yet, ditch those antiquated file cabinets altogether in favor of a digital document management system (DMS). These paperless systems are more secure, flexible, customizable, and even searchable — so misfiled documents won't be as much of a pain anymore. Plus, many of these systems can be remotely accessed from a web browser, which is a nice upgrade compared to your big old metal filing cabinet, especially for those who need to be productive outside the office.
4) Leaving Mobile Phones and USB Drives Unattended
Mobile phones and USB devices typically contain sensitive business and/or personal information. These devices are easy to pick up in passing without being caught in the act. The preview message on the locked screen of your phone could potentially divulge sensitive data/info to wandering eyes. Employees may forget to encrypt USB drives, making it easier for individuals to access private data. Ensure your USB drives are encrypted and all mobile phones are password protected.
5) Neglecting to Erase Notes on Whiteboards
Whiteboards often display confidential information on products, new ideas, and proprietary business processes. Make sure your staff erases all notes before leaving the conference room.
6) Leaving Backpacks Out in the Open
Backpacks often contain devices or physical documents with sensitive information. Employees should never leave bags in common rooms and other high-traffic areas to minimize the risk of theft. Instead, encourage your employees to take their belongings to their workstations and use quality physical locks for added security and peace of mind.
7) Writing Login Credentials on Sticky Notes
Writing user names and passwords on slips of paper or post-it notes is also a big no-no, especially if you leave them out on your desk, stuck to the edge of your computer monitor. This is especially important, given user names and passwords are typically used for logging in to more than one site.
You may think it's no big deal for people to see the login credentials for the site you use to make those cute grumpy cat memes that your co-workers love. However, those credentials could be the same or use similar components to those you use to log in to sites with confidential info. Don't make life (or hacking yours, as the case may be) any easier for cybercriminals.
8) Leaving Behind a Key to a Locked Drawer
Leaving behind a key to a locked drawer makes it easy for someone to come back later — perhaps after hours when no one is around — and access confidential files, personal belongings, and other contents that were locked up in the drawer. You wouldn't leave your car key out on the hood of your car, right? This is the same concept.
9) Displaying Calendars for all to See
Calendars often contain sensitive dates and/or information about employees, customers, prospects, and new products. Leaving them in the open for all to see or on a computer screen when you walk away from your desk could be a major security risk. Just think of how easily someone could snap a photo and capture your proprietary info to share with or sell to competitors. Yikes.
10) Leaving Wallets and Credit Cards on the Desk
A lost or stolen wallet can have a considerable impact on nearly anyone — if nothing else, it’s a huge inconvenience. Wallets may also possess corporate credit cards, security badges, and other items that open a business — and even potentially its client accounts — to vulnerabilities.
Data Security: Beware the Physical Threats Inside Your Office
In today’s fast-paced world, where employees are always on the go, it takes too much time to determine whether documents, USB drives, devices, and other items contain sensitive information. The safe bet is to ensure everything is filed, locked up, or properly destroyed. As the old adage goes, it’s better to be safe than sorry!
Remember, data security goes beyond online behavior. Businesses need to understand the offline security threats that commonly occur inside their office. Individuals who want to steal sensitive data will exploit any physical security vulnerability to gain access to valuable company assets, whether taking advantage of workplace security, social norms, or unattended devices.
Holistic cybersecurity starts with taking inventory of online and office security tactics. Companies incorporating digital and physical security measures are better positioned to ward off dangerous cyber threats, including ransomware, phishing, and social engineering attacks.
Businesses ready to improve their data security should request an IT assessment from an experienced managed service provider. They provide deep technical insight to help you select the cybersecurity technologies and related services required to safeguard data and maintain a safe, reliable, and compliant business IT infrastructure.
Editor’s Note: This post was originally published on June 14, 2016, and has been updated for accuracy and current best practices.