Ten simple ways for employees to help protect company data and assets

You’ve decided to get away from your desk for lunch, but you’ve forgotten your access card. Since you only have a few minutes, you prop open a door. Seems harmless, right? Unfortunately, it’s a move that creates some risks.

“Most company information isn’t lost by electronic hacking, it’s lost through individuals’ mistakes or lack of knowledge of how to protect information,” says Eddie Everett, senior vice president and national director of the global services department for risk consultancy Control Risks.

These 10 tips can help you avoid some common security blunders and give yourself, and your company, peace of mind.

• Be alert. Be aware. Challenge unknown people in the office—this can be done in a manner that is both direct and courteous. Ask unaccompanied strangers wandering the halls where they are going and if they have a visitor ID. Someone who is supposed to be there won’t mind the question.
• Prevent tailgating. We like to be polite, so we hold doors open for the people behind us, even if theyre strangers. That’s not a good practice to get into in any workplace area that requires authorized access. If you don’t recognize the person following you through the door, ask for ID.
• Trust your gut. If something doesn’t look right, it probably isn’t.
• Remember the clean desk policy. Conceal sensitive documents within your workspace, especially when you’re working with confidential information.
• Secure your laptop while in the office. It takes a second for someone to snatch a laptop, and with it your company’s intellectual property. Securing your laptop is much like locking your house—its just a good habit.
• Don’t leave PDAs or thumb drives lying around. They’re even easier to pick up than laptops.
• Don’t assume that everyone who walks through your building is a friend of the company. If something looks wrong, get help.
• Be aware that other people will access open workspaces when you’re not there. After hours, cleaners and maintenance workers come through. Plan accordingly.
• Keep quiet. If you’re discussing sensitive issues regarding your company or clients, be sure only those you’re conversing with can hear you. As Everett points out, “it’s quite amazing what you can overhear in an elevator.”
• And for those traveling on business—do you need all of the information you have in your briefcase? Probably not. Work on the assumption that you might lose what you’re carrying, and make sure there is nothing on your laptop that is mission-critical to your company.

From the August 2008 Security Smart employee awareness newsletter.