This workspace contains 10 security mistakes. Can you spot the errors that put confidential information at risk?
Can you spot the 10 security mistakes?
What do you notice about this workspace?
Most desks hold sensitive documents and information that you don't want to get into the wrong hands. A little care and a few good habits can go a long way toward keeping everything secure.
When you leave your desk, do you lock your computer to ensure no one else can look at what you are working on?
In this example, an employee has left their computer open to an email screen with details about travel expenses and other corporate financial information.
Takeaway: While it's not always practical to constantly lock and close applications (or no one would get anything done), certain applications and documents should be given special attention and closed, minimized or locked before leaving a desk. A short auto-lock time for your screensaver can help.
Sticky notes with sensitive information
Your employer expects you to remember ALL of those different passwords? What better way to organize them than to write them all down on a sticky note, right?
Wrong. Even without spelling out exactly what those passwords are used for, an industrious criminal or hacker could use them to gain access to private accounts.
Takeaway: Don't write down passwords anywhere, especially not on display on your computer. Use a simple memory system to keep passwords straight.
Expense reports and client contracts are two types of documents that should not be left out for all eyes to see. Private corporate and proprietary information is the kind of data a competitor would love to get their hands on. Documents left out over night, when cleaning crews or other outside contractors may be in the building, are of particular concern.
(Do people really leave sensitive information lying around? Of course they do - we found violations right in CSO's offices. See our early-morning, snooping-around video version of the clean desk test.)
Takeaway: Put any sensitive paperwork in a locked file or drawer when you're not working on it.
Forgotten printer document
How many times have you printed out a document and then neglected to retrieve if from the machine? In this example, the employee has left a bill for a toll-fees account out for all to see. Bank account information might be found on this document, as well as travel itinerary information that could be considered private.
Takeaway: Retrieve all documents from the printer immediately and store them in an appropriate, secure location.
The recycle bin or wastebasket is another place where employees make security mistakes. In this picture, an employee evaluation form is left out for anyone - from cleaning services, to another employee - to find. This is a violation of the employee's privacy, and likely of many corporate privacy policies as well.
You'd be amazed at the stuff that gets carelessly thrown out.
Takeaway: Consider what you're throwing away before you pitch it. Many documents should be shredded for privacy and security reasons.
Smartphone left on desk
This smartphone is out for anyone to glance at, and has received a text regarding an executive's travel plans. Corporate travel - particularly trips requiring executive protection - should not be available for just anyone to view. That's just one example. What kinds of texts or other information might be available to someone who picks up your smartphone?
Takeaway: Take your smartphone with you when you leave your desk. Always have it locked with a strong passcode to prevent compromise.
These keys could open doors to server rooms, document storage, or other places that should have good access controls in place.
It's also clear what brand of car they belong to in the parking lot. If the lot is fairly empty, how long until an ambitious car thief finds their way to it?
Takeaway: Store keys in your pocket or purse.
Bag sitting out
What's potentially inside this bag? A wallet? Sensitive corporate documents? A laptop not docked and in use? Chances are this bag has plenty of goodies that thieves would love to get their hands on.
Takeaway: If your bag contains valuables, keep it with you or lock it up.
Easy access to files and folders
Our example employee has a place to store files, folders and documents, but it's left unlocked and is easily opened. It would take a motivated thief mere seconds to grab and dash away with any one of the many files in this storage space.
Takeaway: Lock your document storage areas, such as cabinets and drawers.
Vulnerable USB stick
Much like the unattended bag we saw earlier, this USB stick promises the potential for many rewards for a thief. Is there private data on there? Propietary information that might be valuable to a competitor? All the thief needs to do is grab it and stick it in a pocket to find out.
Takeaway: USB sticks, like bags, purses and sensitive documents, need to be locked up and secured when not in use.
Whiteboard covered with writing
This white board includes names from a client list, and other financial figures that the employee's company might not want to fall into a competitors hands. Easily viewed from outside the office through a window, the information written on this white board is open for anyone to see, even those with bad intentions.
Takeaway: Use white boards appropriately and privately. Clean off information that could be considered sensitive (or get one of those nifty whiteboards with security features). Consider the position of your desk and workspace when it comes to windows and doors. Could someone easily spy on you?