This is not a post about Halloween or urban legends, but something that can be just as scary. We are talking about those hidden threats – places you would not always think of when considering the security of your network.
The scariest of all is the one you don’t think of much, but it knows you. It knows everything that has passed through the office. Every document printed, every copy made, every file scanned. It is just down the hall, waiting. No, it is right behind you!
Of course we are talking about the copier/printer/scanner. Almost every piece of office equipment you can turn on these days has a computer inside of it. Many of those store a record of everything they have done during their time in service. When it is time to replace or upgrade those items, it is important to have a plan in place to ensure that data cannot be recovered later. (See, for example, our Office Equipment Disposal Policy.)
This same logic applies to computers, cell phones, fax machines, and even some typewriters (don’t get me started on the ribbons…). If you use electronic locks on doors, what data is stored there? What is stored on your router? Your firewall device?
There are services available that will permanently destroy/shred the hard drives or other storage components from those devices. Some service agreements will include this in them for the end of the contract. Or you can take your shovels, rakes, and other implements of destruction (I am partial to a nail gun or sledgehammer) and take care of it yourself. Just remember- safety first!
Another source that is often overlooked – your vendors. Who else has access to your information (paper and electronic)? The usual answers are cleaning crew, client management system, cloud storage provider, etc. What about the service you use to send newsletters to clients? Payment processors? Payroll processors? File sharing sites? Tax software? Billing systems?
You should be aware of who has access, what is accessible, what security they employ, and what controls you should put in place to limit unnecessary access.
Finally, when you do take that vacation to a warm and sunny place (or a cold and snowy one if you prefer), make sure you don’t inadvertently put your data at risk. No, I am not talking about what you are leaving behind or securing at the office. What are you taking with you – a phone, a laptop, a tablet?
Most recently New Zealand announced that they consider electronic devices fair game for searching – and if you do not give them access, you are subject to being arrested and being fined up to NZ$5,000. Not to pick on New Zealand – it is a great place to visit and the people are quite friendly aside from this law – many countries consider electronic devices to be searchable when entering the country (the U.S. included). Consider bringing a device that has been wiped of any confidential or protected information. Many practices use cloud-based solutions for file storage, email, and client management software. So there is no loss of productivity by not having that information directly on your phone or computer. Or you can buy a cheap “burner” phone for your travels, leave the computer at home, and not think about work for a while!
Knowing how to handle potential threats in your office will prevent you from being tricked into a breach and your treat will be a good night’s sleep and a relaxing vacation!
Did you miss any of our "Cyber Monday" blog series?
Check them out here: