BSU/IT Security Smart Winter 2016


SAFEGUARDING YOUR SECURITY AND PRIVACY AT WORK AND AT HOME NEWSLETTER WINTER 2016

Staring Problems

How visible is sensitive or confidential company information in your workspace, and how likely are you to notice if someone is checking it out?

THE PONEMON INSTITUTE recently sent researchers to snoop through 43 offices belonging to seven large corporations, and they were able to snag sensitive company information in 88 percent of their attempts—just by looking around. In about half of the offices, the first piece of sensitive information was spotted within 15 minutes.

The corporations had agreed to participate in the study. The researchers had valid identification as temporary employees. Management knew they were coming, but the office staff did not.

The researchers spent up to two hours in each office, wandering around, taking pictures of computer screens, picking up documents marked "confidential" and putting them in their bags, all deliberately within full view of the regular employees.

In the vast majority of the cases, the regular office staff did not ask any questions or confront the researchers in any way. Even when a researcher pulled up an Excel spreadsheet on a computer and took a picture of it with a cellphone, most workers did not react.

"We expected to see someone say, 'Hey, what are you doing here?' at that point," said Larry Ponemon, chairman and founder of the institute.

But out of those 43 trials, a researcher was confronted by a company employee only seven times when taking pictures of the screen, four times when it looked like he was stealing confidential documents, and twice when wandering around looking at things on people's desks, computer monitors, printers, copiers and fax machines. Only once did someone report the strange behavior to management.

Information collected included staff directories, customer information, financial data, access and login credentials, and confidential documents.

Success rates varied based on the layout of the office and what type of work was conducted there, said Ponemon. For example, researchers found it easier to gather information in open-plan offices compared with private offices or cubicles. Areas related to customer service, communications and sales management were more vulnerable, while legal, accounting and finance were least vulnerable. IT help desks and data center operations fell roughly in the middle. The five offices in which the researchers got nothing were all R&D departments.

The study was sponsored by 3M; researchers looked at whether computer-monitor privacy screens make a difference.

"It made a small difference," said Ponemon. "It's harder to see what's on the screen."

In addition to privacy screens, factors that made a noticeable difference in the amount of information collected were clean desk policies, standardized document shredding policies, suspicious reporting processes and mandatory employee awareness training.

For more information on staying safe online here at BSU or at home, contact
