It’s better to be safe than sorry.
There has never been a truer idiom when dealing with sensitive information. If you work somewhere where you access personal information, keeping that information private is as much a part of a job as showing up on time and performing core responsibilities.
Things happen during our workday—we see things, or sometimes we cause things. Things we’re not sure of or that may not feel right to us. In these situations, it is your job to speak up and say something. If you think the security of your company’s information or resources might be at risk, raise your hand and let someone know. It’s better to raise a red flag and be wrong than to stay silent and allow a breach.
What types of behavior or events should you be on the watch for?
A Customer Who Seems “Off”
If you think there is the slightest chance someone is impersonating a customer or employee, bring your suspicions to supervisors. Such a person might guess at their account number, or seem confused when entering the building (like they’ve never been there before). Trust your judgment: if something just feels wrong, it might be because it is. Report the incident.
Data Improperly Stored or Destroyed
Your company probably has strict policies on how data should not only be stored, but also destroyed. You may remember the policies, but your coworkers may not have the same sense of recall. If you happen upon information that has not been adequately protected, or company waste that has not been properly handled, notify your supervisor. Whether it’s a few pages that missed the shredder or an unlocked filing cabinet, it represents a risk for your clients and your company.
You’re attending an industry event with a colleague when they take a break during lunch to send an important email—and it looks like they logged into an unsecure Wi-Fi connection. Don’t just watch them do it—remind them of the company’s security protocol and the importance of encrypting files and only transmitting data over secure networks. You may feel odd at first, but your coworker is likely to thank you. He or she may even pick up your lunch tab!
A Logged In, Unmanned Computer
Forgetting to log out of your computer when you walk away may seem like harmless behavior, but it can pack real security concerns as it leaves your account open to abuse. If you see that a colleague has left a computer logged in and unmanned, say something. Remind that in doing so, someone could sit down at their machine to access company files or to perform malicious actions.
“Here for Repairs” And Other In-Person Tactics
Social engineering can occur in the most ordinary of situations. For example, if an individual comes to conduct repairs, always verify that maintenance was scheduled for that day with your office manager or appropriate office contact point. Never allow anyone to move through the building unescorted.
Remember: Security Isn’t One Person’s Job, It’s Everyone’s Job
If you witness any suspicious behavior, receive any mysterious communications, or suspect that something could potentially expose sensitive information, your best option is to take action. Never question whether or not something is worth mentioning—whether it’s a door left ajar or an unmanned computer logged into a private network.
We often tell ourselves that we’re being “overly cautious” or “it’s probably nothing.” But when the protection of private company and client information is at stake, you can’t be too careful. It’s worth being wrong about a possible threat a dozen times if it means being right once.