September 22, 2015
By Anthea Mumby
When it comes to securing ‘cyber assets’ (any programmable electronic devices and electronic communication networks), many architects and design professionals think of only mitigating risks such as e-mail spam, phishing schemes, and malware that could infect their computer systems. However, cyber assets can also be compromised physically.
In fact, design professionals are especially susceptible to cyber asset attacks simply because of the nature of their work. They have so much valuable customer and business information stored on electronic systems and these physical systems need protection. The following six steps will help ensure the safety of the systems.
1. Secure company facilities
It is easy to think about physically securing a company’s facility as merely locking the doors and keeping files in locked cabinets. However, maintaining facility security also includes the physical environment of public spaces. For instance:
2. Minimize and safeguard printed materials
The client-centred nature of designing makes it likely that client documents will be printed in hard copy at some point. While this may be necessary in some instances, the most effective way to protect sensitive information is to minimize the number of documents stored in this manner. Procedures should be established limiting the number of copies of printed reports, memoranda, and other material containing PII.
Copies of material containing sensitive information should be safeguarded by providing employees with locking file cabinets or safes. Employees should be trained to understand that simply leaving the wrong printed material on a desk, in view of the general public, or even clients who are visiting the office, can result in consequences affecting the entire company and customers.
3. Ensure mail security
The mail centre can introduce a wide range of potential threats to a business. To determine the potential threat from mail, the number of people having access to every piece of mail coming through the door should be calculated.
Next, a mail-handling procedure, clearly outlining who receives the mail and how each piece is handled, should be established. It only takes one missing document to expose the company and clients to risk of fraud, theft, and other financial damages.
4. Dispose of trash securely
Too often, sensitive information, including clients’ PII, company financial data, and system access information, is available for anyone to find in the trash. Business-grade shredders are convenient for employees and can properly dispose of sensitive documents.
Alternatively, subscribing to a trusted shredding company providing locked containers for storage until documents are destroyed can also be a safe method of disposal. Standard procedures and employee training programs should be employed to ensure everyone in the company is aware of what types of information need to be shredded.
5. Dispose of electronic equipment securely
Emptying the recycle bin or deleting documents from folders on a computer may not destroy information forever. Those with advanced computer skills can still access information even after it has been conventionally deleted.
When it comes time to update computer hardware, disposing of the outdated equipment requires skilled specialists to ensure the security of sensitive information contained in the equipment.
If outside help, such as an experienced electronic equipment recycler and data security vendors, is unavailable or too expensive, the computer hard drives should, at a minimum, be removed and shredded. Risks with other types of equipment associated with computer equipment, including CDs and flash drives, should also be considered.
6. Training employees in facility security procedures
A security breach of client information or a breach of internal company information can result in a public loss of confidence and can be devastating to a business. If one client experiences such a disaster, it is likely to spread to other customers, causing a loss in morale.
To address such risks, devoting time, attention, and resources (including employee training time) to the potential vulnerabilities in the business environment and to the procedures and practices must be a standard part of each employee’s workday.
While formal training is important for maintaining security, the daily procedures established for normally conducted business and normal security measures are equally important. In short, security training should be stressed and reinforced through daily procedures and leadership modeling.
Anthea Mumby is the CEO of Mumby Insurance Brokers and has more than 25 years’ experience in the industry. She is the author of the popular Insurance Exposed book series and has been honoured with the People’s Choice Award as ‘Best Insurance Agent’ for two consecutive years. She can be reached at email@example.com.
Source URL: https://www.constructioncanada.net/six-ways-to-protect-cyber-assets/