As the cyber threat landscape continues to evolve, so too does the sophistication of cyber attacks. We’re all aware of the ongoing work that needs to be done to keep sensitive information safe from hackers and stay ahead of the threat landscape, but there’s another side to the coin, and that’s physical security.
Many offices don't enforce best practices for physical information security, and frankly may just not be aware of them. As their MSP, your job is to educate them on these best practices, both from a technology standpoint and from a physical standpoint.
So, it’s time to put your knowledge to the test. Can you find the six security flaws in this picture?
What Do a Messy Desk and IT Security Have in Common?
Now, this question might sound like the set-up to a really bad joke, but the answer has to do with vulnerability. A messy desk can actually increase the likelihood of a security incident, yet it’s often overlooked when talking about IT security.
Employees with cluttered or messy desks tend to leave USB drives and smartphones out in the open, or they forget to physically secure their desktops or laptops. Should any of these items be swiped or stolen from this desk, it could potentially lead to a security incident.
Below is a picture containing six “messy desk” mistakes employees are prone to committing. These are all bad habits for which to educate employees to stop. Let’s see if you can spot all six:
So, think you spotted them all? Scroll down to check your answers.
1. No Password Protection
First off, we can see that the computer screen and monitor are left on without any password protection. This can be dangerous in an office setting because anyone passing by has easy access to all the information on the device. Thus, it’s critical to lock down screen settings and use password protection.
2. Usernames and Passwords Left Out in the Open
Secondly, user names and passwords are written down on post-it notes and visible for anyone to see. If a non-employee were to see this information, they could easily use it to log into the corporate network or gain access to the company’s confidential information. To avoid this, keep user names and passwords in a hidden and secure place.
3. Un-Stowed Documents
Thirdly, there are notes and documents left out in the open. These documents could contain confidential product updates, information or ideas. Therefore, it’s best to keep them locked up in drawers and file cabinets.
4. Key Is Out in the Open
Coincidentally, the fourth mistake here is leaving behind the key to a locked drawer or cabinet. This makes it extremely easy for anyone to swipe, come back later—perhaps after hours when no one is around—and access confidential files with the stolen key.
5. Where's My Wallet?
The fifth mistake, which is more likely to impact the employee, is leaving wallets and credit cards out on the desk. However, wallets may also possess corporate credit cards and security badges, which can allow intruders to enter the office or steal the company’s finances.
6. Devices Housing Sensitive Information, Ripe for the Taking
Finally, setting mobile phones and USB drives out in the open can be dangerous because these items are easy to pick up quickly without being caught in the act and they likely contain sensitive business or personal information. Specifically, mobile security is increasingly becoming a big concern as more and more companies adopt Bring Your Own Device (BYOD) environments. And even in cases where a business does not offer BYOD, end users often find a way to log onto business networks on their own. Therefore, swiping a mobile device off the desk could allow anyone to potentially gain access to sensitive information and the entire corporate network.
While some of these may seem like obvious fixes, and some of these may seem redundant, it's important for all of your employees to understand where company and/or personal data can be easily stolen. Maybe it's a repairman in your office who sees the opportunity to steal confidential personal data, maybe it's just an office visitor who glances over and sees confidential information out in the open. Either way, there needs to be someone to conduct cyber security training as well as physical security training to educate employees on security best practices—and for your clients, that responsibility typically falls on you as their MSP.
Handpicked for you:
By Steve Lowing
By Meaghan Moraes