January 16, 2017

Information & Cyber Security Myths: Fact vs Fiction

Busting the Big 5 Information & Cyber Security Myths – do you know fact from fiction?

We’ve reached that time of the year again when businesses across the nation will be looking at budgets, contracts and their plans for 2017. Information security must be at the forefront of your planning.

To help you protect your workplace, Shred-it is busting 5 commonly-held myths.

MYTH 1 - wastepaper or recycling bin

Confidential information can be thrown into a wastepaper or recycling bin as long as it’s torn into little pieces.

If you think tearing up confidential documents before disposing of them removes the risk of a security threat, then think again. The reality is that it is much easier to reconstruct torn-up documents than you may think – even documents that have been through a workplace strip-cut shredder can be reassembled.

Put a ‘Shred-it All’ Policy in place – a company-wide instruction that all paper documents should be securely cross-cut shredded when they are no longer needed.

MYTH 2 - documents on a desk are safe

Keeping documents on my desk at work is safe. 

We’ve all been guilty of allowing our work area to become cluttered. The bad news is that workspaces are a hotbed for sensitive information. Implement a Clean Desk Policy – this requires staff to lock away all information when leaving their workstation and is a must for any business that wants to take data security seriously. 

MYTH 3 - knowledge about what is confidential

My colleagues know what information is confidential and what isn’t.

If you’re not 100% clued up on what exactly should be treated as ‘confidential’ then the chances are your colleagues won’t be either! It’s easy to make a mistake when you don’t know your facts – 95% of all security incidents involve human error[1].

The solution? Better training. Businesses need to ensure that training programmes are truly tailored to their employees and are carried out on a frequent basis (monthly rather than yearly).

MYTH 4 - smart phones protected by password

Using your own smart phone or another device at work is fine as long as it’s password protected.

Allowing employees to use their own devices – known as BYOD (bring your own device) – can greatly increase the risk of a data security breach, as the security on personal devices is not always adequate. Even if they are password protected, all devices should be encrypted to protect the confidential information stored on them.

If you allow your employees to bring their own devices, then make sure that you have dedicated security programmes in place to protect the pathway from the personal device to your corporate systems.

MYTH 5 - erasing data from a hard drive, problem solved

Erasing data from a hard drive completely removes the information.

Once data is erased from a hard drive, the information is gone for good, right? Not true. Deleted files and highly confidential data can almost always be recovered by a determined individual using the right technique and equipment.

Physical destruction will ensure the equipment is beyond repair and the data is irretrievable. While technology is dramatically increasing information security capabilities, old-school physical destruction of unwanted hard drives is strongly advised.

[1] IBM Security Services 2014 Cyber Security Intelligence Index