Editor’s note: The following commentary, sponsored by NetStandard, is the first in a two-part series exploring information security. The opinions expressed in this commentary are the author’s alone. Scott Minneman is the information security manager for NetStandard, and oversees internal security and SOC 2 compliance.
If you walk away from your desk, even for a brief moment, do you lock your computer? You may not think it’s a big deal, but leaving your computer unlocked is a lot like leaving your car running with the doors unlocked.
As the world begins to return to the office, let’s take a look at why you should take caution to always lock your computer when you’re away.
In the past few years, more than 250 million confidential business records were reported lost or stolen and those data losses did not all originate from external threats. Employees, even with the best intentions, often are the source of these breaches — and leaving your computer unlocked is one of them. How could such a common practice be so dangerous?
Let’s take a look at a few numbers:
- According to IBM, the average total costs of a data breach cost more than $3.86 million ($8.64 million in the U.S.) and took about 280 days to identify and contain.
- According to Verizon, 34 percent of data breaches in 2018 involved internal actors
- Varonis reported that 62 percent of breaches not involving an error, misuse, or physical action involved the use of stolen credentials, brute force, or phishing
- Finally, the Herjavec Group is projecting that a business will fall victim to a ransomware attack every 11 seconds in 2021.
You might be surprised at just how much you have on your computer that’s worth stealing, and you can see the costs of ignoring the things you can control. Whether you’re an accounting firm or a manufacturer of automotive parts, you should take time to secure your computers and protect your data today.
Fellowes’ Workplace Data Security found that 81 percent of office employees have access to documents containing sensitive workplace information — and leaving your computer unlocked is a great way to expand who has access to this information.
- Employment Termination — If an employee that is leaving the company, be sure to have a process that is immediate and complete. A departing employee will have access to your data and have the ability to download and sell your client list to competitors or use it themselves if they are recruited by a competitor.
- Create system policies to automatically lock computers after a set amount of time. Make this an enterprise-wide setting that cannot be altered by your users
- Conduct training sessions with your employees to teach them the importance of locking their computers when they are away, whether in the office, at home, or on the road.
- Enable two factor/multi-factor authentication to your systems
Not locking your computer is like surrendering access to your files, whether personal, confidential, or public to unauthorized persons. Next time you leave your computer unlocked just remember, anyone can gain access to your computer and modify, remove or even share data from your computer.
Scott Minneman is the information security manager for NetStandard, and oversees internal security and SOC 2 compliance. He also works with NetStandard’s customers to guide their security programs. In previous roles, Scott has been a trial attorney, IT technician, operations director, and Clarity CTO.