Your company's information is proprietary and it's worth protecting. Many companies spend money on a security system for their building, they back up their data and store it off site or they pay a company to come in and shred the data for them, in order to keep the information from ending up in the wrong hands. These automated systems are always there to protect your data, but your employees may be unaware of the value of this data, or may be seeking to exploit it. The human element is the hardest to manage and the easiest to overlook when it comes to data security. A clear and consistent security policy will enable your employees to respect and value your company's ideas and innovations, and guides them in making the right decisions concerning proprietary or sensitive information.
Are Your Employees Aware of Your Security Policy?
With so many vulnerabilities out there now, they should be! Many companies assume their employees are aware that this data is confidential and will treat it that way but a recent survey conducted by Harris Interactive revealed that 54 percent of employees don't follow their employer's security policy. Twenty-one percent of the participants weren't even aware that their company had a security policy. Some employees may not even be aware that their actions are jeopardizing your company's trade secrets.
If you are planning on lowering prices or releasing a new product and an employee tweets about it or posts it to their Facebook and your competitor sees it you may lose your competitive edge costing you revenue or sales.
Different Types of Information Need Different Types of Protection
In your security policy you should outline how each type of information should or should not be shared, for example, "Price lists are not to be thrown in the trash they must be shredded" or "proposals may only be sent from your email in a non editable format". You should also state where and how various "smart" devices can be used to manage or share information.
Here are some specific issues that should be addressed in your security policy regarding multifunction printer (MFP) use:
In your security policy you should outline how each type of information should or should not be shared, for example, "Price lists are not to be thrown in the trash they must be shredded" or "proposals may only be sent from your email in a non editable format". You should also state where and how various "smart" devices can be used to manage or share information.
Here are some specific issues that should be addressed in your security policy regarding multifunction printer (MFP) use:
1. Establish company-wide guidelines for use in scanning and faxing capabilities, make sure employees know what is confidential and that it is their responsibility to protect it.
2. Enable authentication on your devices - if employees must log in to use the device their activities can be tracked.
3. Enable encryption - IT employees need to be informed that this is the standard on devices added to the network, if it doesn't have encryption it doesn't get on the network.
4. Utilize secure printing - make this the default for print jobs containing sensitive data, so the employee must enter a code to retrieve the job and it's not sitting in the output tray for prying eyes.
5. Develop a system to check for breaches - like suspicious usage patterns i.e. after hours scanning or printing when no one is around.
6. Create guidelines for disposal of data like paper and digital shredding or hard disk disposal.
7. Changing the default passwords on a new MFP or modem/router, usually these passwords can be found online in a user guide and will allow access to internal functions of the network device.
8. Consider purchasing a swipe card reader to serve as the "key" to unlock the MFP. If you already have swipe cards for building access, most MFP vendors offer compatible hardware and software. Alternately, assign a unique PIN to your users for access to MFP's.
9. If you are disposing of older devices remove the hard drive if an overwrite program is not available.
10. Make sure users have unique passwords that are changed frequently especially if someone leaves.
11. Backup your data somewhere offsite or in the cloud, a malicious or disgruntled employee could delete data causing a severe and costly disruption.
Data security is not always at the top of every company's list but it should be. Don't let your business suffer from lack of security. Security concerns and features or products that minimize these concerns should be at the top of mind for firms of all sizes. If you remain focused on these strategies you should be able to stay ahead of vulnerabilities.
Share This Article
