They’re among the bugbears of a security manager – and they’re public; sloppy behaviour that may go against stated security policies; that make you appear an easy target. Staff not wearing their pass while in the office or forgetting to take it off when they leave work. Computers left unlocked when staff are away from their desks. Staff continuing sensitive discussions outside the meeting room; or sensitive documents being left out for anyone passing by to see. Sensitive materials being destroyed inappropriately, such as not using a shredder. Staff ignoring company security policies and measures; and letting visitors walk around the office unescorted or without a pass
As the official Centre for the Protection of National Infrastructure (CPNI) puts it, how your employees behave in the workplace can have a real impact on the security risks and vulnerabilities your organisation faces. Security breaches of any kind can result in loss of revenue, productivity or share price; they can damage an organisation’s reputation; they might result in confidential data being leaked; or worse, they can result in physical harm.
How do you change behaviour, or even raise it with your organisation’s majority of non-security staff without falling on deaf ears, or even alienating them further? CPNI offers a ‘Back to Basics’ campaign kit, such as posters, screensavers, stickers and booklets – downloadable at http://www.cpni.gov.uk.
Visit http://www.cpni.gov.uk/advice/Personnel-security1/Workplace-behaviour-campaign/.
Likewise, CPNI offers materials for the security manager that wants to run a campaign on staff digital footprints. That’s the data that’s left behind whenever a person uses a digital service, or someone posts information about that person onto a digital forum, such as a social network. The security risks can include posting or sharing confidential organisational information; or search engines storing search history or smart phones tracking geolocation data which can be exploited by criminals, protesters or terrorists.
Besides personnel security, CPNI also offers advice on physical and cyber security. CPNI covers everything from pre-employment screening to contractors and visitors on-site, social engineering, hostile vehicle mitigation, and ‘bring your own device’ (BYOD) and password policies.
