Here at Anchor Security Team we offer free annual security audits for our clients. However, once a year is not often enough. In fact, we recommend having these audits done quarterly. Still, no matter how many audits you have, no matter how good your antivirus is, at the end of the day there is no substitute for having a culture of security. Having a culture of security means your employees and coworkers are mindful of security risks and adhere to best practices in their day to day activities on the job.
So how does one build a culture of security? Changing a workplace culture is all about consistency. So rather than waiting until your yearly Anchor Security Team audit to talk about security in your workplace, why not take a stroll through the office and give yourself this easy, five minute, self checkup?
Do you or your employees work with sensitive customer data or intellectual property information? One thing to watch out for is a messy desk. While walking through your office, take note if an employee is away from their desk and has left information exposed on documents and notes. Depending upon your business, this information could be collected by a client, custodial staff, maintenance person, or other insider threat, and used for malicious purposes.
These days it’s hard to believe this is still a concern, but it sure enough is. Just last year, after the Hawaii Emergency Management Agency terrified everyone by sending out a real alarm instead of a drill, a photo went viral of an employee from the agency, posing at work in front of a computer that had a password on a Post-It stuck on the monitor. While you’re on this office stroll, make sure your employees’ monitors are Post-It password free.
If your business has a front desk or conference room, really anywhere that it would be normal to encounter someone from outside of the company, you will want to check a couple things. First you’ll want to ask yourself if this area is monitored. Does your front desk employee go out for lunch and leave the desk unattended? Next, how accessible are the USB ports on the computers in this area? These are important things to check because it only takes a minute or so to snag something off of a desk, take a peek at the internal extensions on a phone, or plug in a malicious USB device and walk away.
This last item is easy to check. How hard is it for someone who is not an employee to walk into your office? Is there anyone or anything to stop them from wandering around inside? I say it is easy to check because you can probably think this one through from your desk. When you come in to work, how many coworkers do you pass on the way to your desk? After walking in the front door could you walk into the copier room or conference room without making contact with an employee? Give it a try on the way back from lunch today, you might find yourself alone in a room with an Ethernet port, which is all anyone would need.
These four simple tasks are just a few of the many things you can be doing to set a culture of security. While being aware of best practices in security is a great start, much more needs to be done in order to change your workplace culture to be more secure.