Michael Glasser, CPP, PSP, PCI, CISSP, CEH
President, Glasser Security Group LLC
Most people don’t think about office security on a daily basis, until it becomes a major news event. These are some tips you can apply in your workplace to make you and your coworkers just a bit more secure.
Do your own shredding
Where do you keep your secrets? Most companies keep the majority of them digitally but at times they need to be printed. Once printed, where do they go?
My guess is your office has a shred bin; a locked box where the contents will be destroyed by a third-party company. If so, you have clearly identified to everyone (including insider threats) where you are keeping your secrets: in a thin plastic box with a cheap lock.
Do your company a favor, buy a shredder and shred your own secrets.
Keep it clean
Do you know who walks around your office at night? How often are cleaning crews, building maintenance staff, and contractors in your space? What’s on your desk? Would you be upset if it was gone in the morning or if someone took a picture?
Requiring a clean desk policy is a simple and effective improvement that helps both the company with security and with general office appearance.
Protect yourself from yourself
Cultural and community variations exist from location to location and company to company. However, one thing is always consistent; insider threats happen.
Did cash go missing? Perhaps an account was lost to a competitor and then your employee went to work for them? Did a groundbreaking company secret left on your kitchen table wind up in the background of your kid’s selfie?
Creating a culture of security with education for all employees, testing, training, and the support of company leadership is the best way to combat these types of insider threats. Make it clear what will and will not be tolerated. Help employees understand what the intentional and unintentional results of their actions may be.
A bit of good security hygiene goes a long way. Start with the basics and when you’re ready for more, call an independent security consultant.