It's important to educate employees about physical security measures, and to reinforce those measures, to protect your company from insider threats. Often, insider threats consist of well-meaning employees who make poor decisions involving security. A variety of mishaps take place at work.
Employees hold open the door for uninvited guests. They go against the security policies of the workplace because they are trying to be polite to others. Or perhaps they use a weak password that is easy for them to remember, ignoring the policy guideline.
Other times, employees disregard security risks to be more productive. They do not follow the written policy in an effort to save time. An employee walks away from their desk to use the restroom without locking their computer screen or locking up sensitive documents. Another example is walking away from a copier or fax machine that is processing private information before retrieving the document that contains it.
Some employees are easily scammed by social engineering techniques. These targeted employees are often public facing and inadvertently give away information that could be used to gain access to restricted areas or to private information, all while having a friendly, casual conversation with a visitor. These employees are friendly by nature and may leak confidential information during a lunch break without even realizing it.
Another type of information breach occurs when employees fail to secure data that is no longer used. Failure to dispose of old records is one example. Clear computers' data before disposing of them. Data shared with third parties must also be managed carefully.
Train your employees about security and then test their knowledge. The best way to test them is to present them with fake exercises. For instance, consider hiring a cybersecurity professional to perform a social engineering exercise at your company. Discover where the vulnerabilities lie in your employees' security behaviors, and respond by reinforcing their education and adjusting policies where needed. Post a list of security best practices to remind your employees to make the right choices.
Failure to recognize and appropriately address insider threats in the form of well-intended employees could be a costly mistake. The safety of your company's sensitive information depends on the implementation and ongoing practice of security measures that engage all employees and create an overall security-conscious culture. Your employees are your greatest asset, but also your greatest point of vulnerability.