If you work with a computer (as you probably do), you almost certainly handle a lot of documents: some financial, some technical, some confidential. And then there are the perhaps hundreds of e-mail messages that arrive every day. However careful you are, there’s likely to have been at least one occasion when you sent a message (with or without documents attached) to the wrong recipient.
In security terms, that’s a data leak. A study we carried out last year found that about one in three leaks results in someone getting fired. But leaks can occur not only because someone sent important documents to the wrong person, but also because of bad access settings. That kind of problem is what we address in this post — seen not through the eyes of the employer, but rather from the point of view of an ordinary employee tasked with handling documents without causing problems.
So, here are a few tips to help you stay on the right side of data clutter — and avoid causing a data leak at work.
Don’t take work home
When you don’t have time to finish something during working hours, the logical thought is to take it home. But consider that in addition to the traditional argument about striking a healthy work/life balance, good security practice cautions against it.
At the office, security is the responsibility of your company’s IT security team, which implements all sorts of policies and uses services that keep data securely stored, computers protected, and so on. Services for companies are usually more secure and configurable than are apps and services for individual users. For example, in OneDrive for Business, Microsoft employs several levels of data encryption and lets companies block the sharing of documents with all and sundry. OneDrive for ordinary users has no such features.
The upshot is that if a data leak occurs because of bad security policies or because your work computer is insufficiently protected, the security team is to blame, not you.
But as soon as you take work home or start using external services for storing work documents, you’re taking full responsibility for the security of this information and for ensuring that it does not fall into the wrong hands. And there is no shortage of ways in which this information can get lost or accidentally spilled.
The possibilities run deep. For example, a link-shared Google Docs can be seen not only by the recipients, but by search engines. Or someone might steal your non-password-protected laptop. Or someone could connect to your smartphone through a USB charging port at the airport.
Don’t forget to revoke access rights
It should go without saying that collaborating on documents is very convenient and a near-ubiquitous practice — and that the ability to specify who can access a document makes life a lot easier. Problem is, in real life, many people assign access rights and forget to cancel them.
Let’s say you and a contractor were working on a task together, but the contractor’s part of the job is done. You forget to revoke the contractor’s access to documents. The contractor then signs on with a competitor, who is more than happy to learn your secrets. No prize for guessing what will happen to you when your team leaders find out, as they surely will.
To avoid that kind of situation, carry out regular checks of work documents to keep on top of access rights. If an employee quits or is fired, immediately check to see which documents you personally gave them access to, and withdraw it. When an agreement with a contractor expires, do the same.
Don’t share information with colleagues that does not concern them
As our recent study showed, 30% of young employees and 18% of the older generation are willing to share work computer or other account login credentials with colleagues. That such people are in the minority is good. But the fact that they exist at all is less so.
For one thing, your colleague might have underhanded motives and deliberately spill confidential information. If this information is officially available only to you, it is not hard to guess where the finger of blame will point in the event of a leak.
Second, even a conscientious employee could accidentally delete or mis-send an important document from your computer. The lack of any malicious intent on their part will not let you off the hook.
So, what you divulge to colleagues should be subject to the same procedures as in any other case. By revealing something, you are essentially giving your colleague access to information. And we have already described above what can happen when access is granted too liberally.
Put your mail in order
Ever sent a message to the wrong person? It’s bound to have happened at least once. Or forgot to remove someone from the cc list with awkward consequences? Yeah, we know, it happens. The reason is usually haste and inattention. Here’s a simple life hack: To avoid or at least minimize the occurrence of such situations, create a label (say, Sensitive) and put it on all messages with sensitive content. Now when sending or replying to such a message, you will spot the label and recheck the recipients and information to be sent.
Incidentally, there is another reason you should keep your mail in order. Everyone’s mailbox contains documents or messages that are periodically needed. And taking more than a minute to find them because you don’t remember what to search for is terribly inefficient. So it’s never a waste of time to organize and sort messages into folders.
Tidy up at home
Our study also indicated a close correlation between habits at home and those at work. In other words, if your home is a mess, your workplace is likely to be the same, and so is your digital life. So start small to help cultivate good habits when it comes to organizing your digital workspace.