Information Security Essentials

WEME – Ts. Saiful Bakhtiar Osman

Information Security is an important part of any organisation, and it matters to individuals like us as well. Yet most people take the importance of protecting their personal data for granted. It is extremely worrying how easily a perpetrator could misuse our data, which puts us at risk should it be used for criminal offences. To name a few examples: the car used in a bank robbery was registered under our name, or a bank account opened under our name was used to receive money from a phone scammer’s victim.

The same goes for the company’s data. It is important for everyone to be aware of, and to practise the highest ethics in handling, the security of the information that we deal with every single day. The responsibility to protect Information Security does not lie with IT alone but with each staff member. Just imagine the impact on the company should any confidential data or customer data be leaked to an unauthorised person.

Please be mindful that the possibility of a data breach from internal sources is higher than that of data being stolen by external parties. The following statistic summarises it well. Be it through carelessness or wilful action, it is best to secure your staff at work first. Please refer to my article “End User Management: Fundamental That Usually Overlooked” for further info.

Here are some general guidelines that we could practise together to do our part in safeguarding Information Security.

The ethics when being in public places

We cannot stop people from socialising or going to public places. That is why, as staff members, we should be wary and practise the highest ethics when in a public place.

  • Do not answer phone calls in crowded places:

It is quite normal for us to receive phone calls from the office after office hours or when we are outside of the office. If you are in a crowded place, please excuse yourself and find somewhere private or with fewer people before you continue the conversation. This is because you will tend to speak louder and repeat yourself due to the noisy surroundings, and you could disclose confidential information to the people around you.

  • Do not discuss work details with friends:

It is also normal for us to sometimes complain or share with our friends over lunch or dinner how busy and exhausted we are. Please refrain from discussing your work in detail, because you may accidentally let slip some confidential information that could have an adverse impact on your company if it became known to a competitor.

  • Do not leave your laptop and work material unattended:

In the new norm, it is now a normal sight to see workers sitting at restaurants, Starbucks, etc. to do their work while enjoying a cup of coffee and the free Wi-Fi. Please be mindful not to leave your work notes, paperwork, or laptop unattended when working at these places. The risk of a laptop being stolen is a given, but the more important concern is the risk of confidential information being leaked unnecessarily.

The ethics when being in office

Even when you are in the office, it is not a place where you can ignore the importance of protecting Information Security. Please be mindful that not everyone has the same access or is privy to the same type of information.

  • Never leave your computer screen unlocked when away 

You may be working on a new product or on projects that are on a need-to-know basis only. It is highly important to protect this information from any unauthorised staff. Please lock your computer screen when you are away, or set an automatic idle lock-out time in case you forget. However, please don’t write your password on a Post-It note and stick it at your desk area like the managers of the 80s and 90s. It is as good as NOT locking your screen.

  • Never leave your printed documents at the printer 

This mistake is so common among office workers. They print a document and forget to pick it up after getting distracted by other things. Just imagine if it is a confidential document or personal salary information. That is why organisations nowadays address this issue with ID or tag printing. The document will not be printed unless you are physically at the printer to confirm your ID and pick up the document. Not only does it help in protecting confidential documents, but it also saves paper, because we usually print many versions after modification requests from the supervisor.

  • Always adhere to the company’s IT Security Policy 

Take some time to read and understand all the IT Security Awareness messages or Alerts sent by your company’s IT personnel. The news on malware attacks, new types of phishing attacks, etc. is important to safeguard you and the entire organisation. Please do not ignore these emails, as your ignorance may impact the entire organisation should the source of an attack originate from you.

The personal ethics

I truly believe that common sense is better than any IT Security product out there because humans are unique. That is why we see threats becoming more and more creative these days in exploiting human carelessness and curiosity. We should practise a personal ethic that we hold on to regardless of where we currently work.

  • Never use an open Wi-Fi when you are working outside 

Please remember that there are a lot of bad people out there who are waiting to compromise your system when you least expect it. There are many rogue Wi-Fi networks that disguise themselves as free Wi-Fi while tapping into your laptops or devices and stealing any vulnerable credentials or information. Hence, if you are working from a Mamak Restaurant, a Starbucks, or a shopping centre, please confirm that the Wi-Fi and the password are valid.

  • Never share your company information on social media 

Nowadays, I see a lot of people who are too open and excited to share everything on social media. The eagerness to create content or to be the first one to post some news is very worrying. Please refrain from mixing personal and official work matters. For example, you may be very excited that you and your team have won a big contract for your company. Please remember not to disclose the details of the contract won; share just enough to celebrate that your hard work has paid off. This is because you will never know how revealing the details of a new contract may impact your company, especially if it is a government contract, as it may fall under the Official Secrets Act for sensitive areas (defence, finance, strategic, etc.).

  • Always be aware of your surroundings 

I am always amazed at how diligently salespeople work, going out every day to meet customers. Nevertheless, please be aware of your surroundings and always be careful, because you are carrying the customer’s data. Sealing an insurance policy undertaking for a customer requires them to have a copy of all the customer’s personal documents. Even though digital PDF documents are accepted nowadays, the risk is still significant, as the staff member is handling the data on the company’s laptop or tablet.

Information Security is for everyone

Please take care of your own Information Security, because you are the one who will be impacted should your information fall into the wrong hands. Know your rights as a consumer and take some time to learn how the current Act would protect you. Similar awareness and responsibility should be demonstrated in protecting your organisation’s Information Security. Take ownership and work together as one.
