January 29, 2018 –
As an IT support company, we spend a lot of time obsessing about the technology we use to keep our customers’ data safe and secure from cyber criminals. But if you’re not into all that tech detail, what steps can you take on your own to protect your data? Are there non-technical security measures you can take?
Absolutely. When we implement a data security solution we think about a multi-layered approach that goes beyond the technology. In fact, one of the most critical elements is the people factor. Careless behavior by employees is a leading cause of data breaches. And while not malicious or intentional, the security breach is still a very painful reality for small and midsized businesses.
So if you’re not a techie, what are the things you can do to improve your data security?
Non-technical Data Security Tip #1: Secure the Physical Environment
One of the best things you can do is help protect your physical devices is to lock the screen. Whenever you’ll be leaving your desk, you can quickly lock the screen by pressing the windows key plus the “L” key simultaneously (for other cool tricks with the windows button check out our blog post from last week). Locking the screen will prevent others from casually walking by your work area and seeing confidential or personally identifiable information (PII). It also helps to protect your machine if someone walks off with it. When they try to log in they won’t have access without your username and password.
Non-technical Data Security Tip #2: Speak Up!
While it might feel a bit uncomfortable, don’t be shy. When it comes to protecting the data security for your business you should speak up. Employees should be encouraged to speak up if they see something suspicious. If there’s someone who doesn’t belong in the building or area, a strange package left in an odd location, or even an email that just “feels” a bit off to the employee, they must take steps to notify management immediately.
Non-technical Data Security Tip #3: Keep Your Work Area Clean
While a messy desk might not seem important, it’s an important part of a strong overall approach to physical data security. Messy desks and conference tables can encourage misplaced security credentials, like a badge or key card that is left on the desk and not noticed by the employee with the rest of the clutter. They leave for the day and anyone walking by now has a working keycard. This is also true for confidential printed information that should have been filed securely and was inadvertently left out in the open.
Non-technical Data Security Tip #4: Watch Your Tail
Talk gaiting is a tried and true method for cyber criminals. It’s considered a form of social engineering and it’s a tactic that is still in use today. (To read about other social engineering scams click here). With tailgating the assailant follows an employee into a building or secure area and counts on someone holding the door for them or not noticing them at all. Employees are embarrassed and uncomfortable admitting they don’t recognize someone, so they don’t say anything. Don’t be embarrassed! Speak up and remind them they need to use their own credentials to enter the building or area.
Privileged access is any access that is unique to a specific set of employees. Keeping your badge secure and ensuring people don’t follow you into secure areas is key. However, even if you don’t have access to a secure area, if you see a door propped open that shouldn’t be or a reception desk or security desk unattended report those security incidents to management.
Non-technical Data Security Tip #5: Hide Your Screen
Anytime you pull up confidential information on your screen you’re at risk of others seeing your information. Whether it’s someone passing by your desk in the office or looking over your shoulder at the airport, it’s all-to-easy for others to see information that should be kept private. To protect yourself, invest in a privacy filter. Privacy filters are a great way to prevent those around you from seeing your screen and potentially stealing confidential information.
For more information on how to protect yourself from cyber criminals, review our Data Security section or contact us. We can provide the IT support and data security you need to protect your business.