6 Desk Security Mistakes Employees Make Every Day
From passwords on sticky notes to sensitive contracts left in a pile by the printer, many office workers make the same basic security errors. Even our CSO staff is not immune to these common no-nos - but they are easy to fix (includes video)
By Joan Goodchild , Senior Editor
January 23, 2009 — CSO — You've checked all of the entry ways in your office building, you have surveillance technology in place and IT assures you that your firewalls are bulletproof. But have you checked your staff's desks? That may be one of the largest holes in a company's security plan. Desks and other work spaces often have items on or around them that contain sensitive information, and that information can be dangerous if it gets into the wrong hands.
Just how vigilant are employees when it comes to keeping sensitive information secure at the office? We tested our own staff here at CSO to see how secure the desks are in our offices (see video). Also, employees can check their own security smarts by taking The Clean Desk Test). As we found out, even at a security publication, some staffers are pretty lax about keeping information safe. (And yes, we got our CEO's blessing before we went snooping around.)
Here are the top errors we encountered in our after-hours inspection.
Writing passwords on sticky notes
This was probably the biggest offense we noted when we walked around the CSO office after hours. Several employees had sticky notes on their computer monitors with passwords and/or personal ID numbers written on them. While employees may have a difficult time keeping track of all of their passwords, writing that information down on a piece of paper and leaving it out for all eyes to see is never a good idea. Keep in mind that after the office closes, many strangers can access the work space. One can never tell when a person might try and use employee passwords to compromise an account.
Writing sensitive information on a white board
Staff often brainstorm together and write down their ideas on a whiteboard. Several offices here at CSO had whiteboards. We found one with client names and billing information written on it. The information would have been very valuable to any potential competitors. After a work session, employees should put information in a less obvious place and put it away after hours. Advise staff to erase all whiteboards regularly.
Leaving sensitive documents on the desk
Also on several desks, we spotted detailed client contracts with billing terms. Like the whiteboard, the information might be valuable to competition. But depending on who views it, the client's information might also be used for ill-gotten gains. Any documents with sensitive data belong in a locked drawer or container.