When you look at “security” and the big picture, it always seems to come down to the decisions made by the Chief Security Officer (CSO) and Chief Information Officer (CIO). Besides what can you really do to help keep things safe? Isn’t that Security’s job? There is more to it than you think, however the most important asset to your company’s security is you. Believe it or not most companies get compromised by attackers exploiting their everyday workers. These attackers are usually more successful by exploiting many “small fish” in the pond, in order to compile information and vulnerabilities about your business, then they are with that one time “big fish” style attack.
So what can you do to help? Well, working in an Information Technology company we’d like to admit that talking about user security is what we do. Most of the time the reason people get exploited, is due to poor user awareness and we have written many blogs and conducted a lot of training on this. Things like Social Engineering and Password Security make up a lot of what we teach. For some great information on those you can read about them in the following blogs:
Now that I have covered common security flaws in relation to IT Information Security, let’s dive into the focus of this blog. Today I will be discussing the habits people miss, that makes them easy targets in relation to the security of their individual work spaces. For this I’m going to use the Phrase “That looks ODD”. ODD being an acronym for Office, Desk, and Device.
Depending on whether you have your own office or you share it with others. The first thing you should do is, ensure your office is secure when no one is present or during non business hours. If you have an alarm or camera system, make sure they are armed and operational. Second is be vigilant with your fellow employees, if someone is acting overly strange, like they’re hiding something or sneaking around it might be time to inform your supervisor. This doesn’t mean you should act like you are a CIA operative, trying to dig up information on all of your colleagues. This is more like, if you notice any changes their behavior then maybe it should be looked into further. You may also want to be cognizant of visitors to your office space, is someone wondering with no purpose or no badge, it might not hurt to ask them if they need any help. Last is the common areas, sometimes people leave important things setting around that they accidentally left or misplaced. This is your opportunity to return it to the owner, secure it until you find its proper place, or report it to your security team. Now what if your office is too large or too crazy and these suggestions are just too much? What else can you do? Let's move to the next step.
No matter how many people are around, or how big your office is, there is usually always someplace that you have that you are in control of. It may be a temporary desk, or in my case when I was a cop it was my patrol car. But no matter where I am and what I was doing, that space it is mine and I am in control of it. First thing is make sure you don’t leave any information out for display that all eyes can see. Bulletin boards, dry erase boards, and even stick notes, should not display important information. If you have a lockable desk drawer or filing cabinets that contain sensitive or important information, ensure they stay locked unless you are physically accessing them and their contents. At any time you leave your desk, even for a short time ensure you secure any important paperwork that is sitting out in the open, and lock your computer screen when you are away. Think of the term “out of sight, out of mind” when it comes to items like this. This brings us to our last subject.
Now that you know to lock your computer screen as you step away and keep things out of sight, let’s discuss other tips for your device. When I use the term “Device”, I am referring to electronic devices that you may use for your everyday job. Obvious things like computers, tablets and cellphones come to mind first. But what about printers, fax machines, scanners, mobile radios or anything else that you may need to perform your duties. You should always ensure they remain secure. Something that is handheld can be carried with you. Devices that cannot be brought with you should be locked away so that they require credentials in order to access them. Another thing that helps unauthorized access is physically locking up devices when they are not being used. For example chaining or locking desktop computers to the desk to deter theft is also a practiced method at some businesses. If someone can take your device to another location, they have unlimited time to try to access it. Another fail safe is to have a remote disable function that will allow you to restrict access in case it is misplaced or stolen.
In conclusion, all those small things you do every day can make a big difference. Just starting with one small thing first, can jump start you to create good security habits. Each small fix can then strengthen your company’s security posture. The next time you are in your office space, or sitting at your desk and think “That looks ODD”. Take a few seconds to think about a way to improve the security of the information that is around you.