In 2016, more data breaches were reported in Australia than anywhere else in the Asia-Pacific region. Ransomware attacks quadrupled, and are expected to double again this year, driving growing fear for information security in Australia. With cybercrime on the rise, it’s critical to actively think about your office habits.

Smaller businesses often make the misguided assumption that because of their size, they’re not at risk of information security threats. This is not the case. Even the smallest business possesses valuable information assets, which must be protected with proactive measures. The humble office space has a number of surprising weak points in the protection of your company information. 

Here are 8 office habits that could be risking your data.

1. Leaving Documents at the Printer or on Desks

Hard copy documents (especially when private or confidential) should not be left at the company printer to be picked up by administration, fellow staff members, or visitors. Businesses should only allows employees access to the information that is relevant to their role, which means junior staff shouldn’t be able to view important reports as they use the scanner. Likewise, sensitive paperwork should not be left exposed on desk tops, or in places where it is easily retrievable. 

2. Allowing Staff To Freely Use Removable Media

Removable media including USB sticks, removable hard drives, digital cameras, smartphones, and bluetooth devices have the ability to transfer and hold large amounts of data. These devices are less detectable, and pose a major security risk to businesses. Unsolicited transfer and storage of company information is easy for employee’s to disguise, which is why a formal removable media policy usage policy is essential.

3. Using Company Email for Personal Use

Many people use their professional email to register on websites, create personal accounts, or sign up to promotional material. These websites may not be secured, making them vulnerable to hacks, granting access to your company through professional email information provided by employees.

4. Using Automatic Replies With Detailed Information

Automatic replies are a convenient way to inform clients and coworkers when you are out of office, or on leave. However, providing details such as the holiday or business trip you are going on, the project you're handling, or the date you will be returning, is not a good habit. This type of data is collected by social engineers, who can use that information to contact colleagues under false pretenses. If there are important clients who may be reaching out to you while away, send them a personalised message ahead of time. 

5. Poor Password Etiquette

Simple passwords are weak passwords, and they’re staggeringly common. In fact, the five most common passwords in use on the internet are: 

• 123456
• 123456789
• qwerty
• 12345678
• 111111

Company policies should be put in place to ensure staff create strong passwords, preferably using a mixture of numbers and upper and lower case letters. Effective passwords are a company’s first line of protection, so the same passwords should not be used across multiple user profiles and accounts.

6. Interacting With Unknown or Questionable Websites

Using company laptops, desktops, and smartphones for personal activities can be risky. Browsing unsecured websites, illegally streaming, or clicking on links and attachments without proper scrutinisation puts company data at risk. Staff members should be educated on device use expectations.

7. Ignoring Security Updates 

It’s easy to click ‘remind me later’ when software updates appear on screen, however delaying security updates can damage the effectiveness of your defense. Remember, the software was updated for a reason.

8. You Have No Information Security Management System

Information security management systems involve assessing security risks within your business, and executing security measures to combat potential threats and vulnerabilities.

In information security management system that is compliant with ISO 27001 (the international standard for information security management systems) can be your company’s most effective defense in the protection of your valuable information assets.

To learn more about what an information security management system can bring to your business, download your free copy of our popular Whitepaper below: