Consider running an internal campaign that encourages employ-ees
to have a plan for when and where they will securely destroy
printed documents and to use alternatives to printed documents
whenever possible.
Travellers should also be cautious as to what documents they
leave unattended in hotel rooms. Documents such as travel itin-eraries,
presentation slides, credit card slips and boarding passes
contain an enormous amount of confidential information that
if compromised put employees at a heightened risk for iden-tify
fraud. It is a best practice to see if the hotel has a document
destruction service that can be used to safely destroy confidential
documents no longer needed.
3. SMART DEVICES
The introduction of new smart devices, wearable tech and the
Internet of things (IoT) means technology is expanding – and
with it the number of access points that exist for a data breach.
When it comes to employee travel, personal devices such as smart
watches or connected cars could pose a risk if they’re connected to
your company’s network. Data security for smart devices is some-thing
all employers will have to address in the near future as it’s
predicted that more than 25 per cent of cyber-attacks will involve
IoT by 2020, according to technology research firm Gartner.
Even if your company has security measures in place for
Internet-connected devices, such as password requirements or
separate networks to pass sensitive data, it’s critical that your
employees know which devices could pose a security risk and how
to use them. Consider incorporating a section on smart devices
into your regular information security training.
4. TRAVEL DOCUMENTS
Boarding passes contain personal information that can compro-mise
your employees on their travels. According to cybersecurity
experts, a boarding pass can give a fraudster access to a traveller’s
seat number, frequent flyer details, fare paid and last four digits of
the credit card number used to purchase the ticket.
security
TRY INTRODUCING AN INTERACTIVE
EXERCISE TO YOUR EMPLOYEE
TRAINING SESSIONS THAT
SIMULATES REAL PHISHING
EMAILS AND REVIEWS THE
COMMON SIGNS THAT INDICATE
AN EMAIL IS FRAUDULENT.
While a breach of information from a boarding pass may not
put your company at risk directly, as an HR professional you want
to help your employees protect themselves from identity theft
whenever possible. As part of your training for vacation data secu-rity,
encourage employees to use electronic boarding passes or hold
on to their paper copies until they are able to shred them securely
at a hotel or at home.
5. EMAILS
It’s important for your HR team to help employees build up the
skills to easily identify a potential email threat, wherever and
whenever they happen to check their emails. Try introducing an
interactive exercise to your employee training sessions that sim-ulates
real phishing emails and reviews the common signs that
indicate an email is fraudulent.
As an HR professional, you have the responsibility to develop
company practices that keep employees healthy and safe, inside
and outside the office. This is the perfect time to give your employ-ees
a valuable refresher on information security best practices to
keep themselves safe and secure over the summer. n
Monu Kalsi is the vice president of Shred-it.
HRPROFESSIONALNOW.CA ❚ MAY 2018 ❚ 25