How Boredom Can Compromise Your Firm’s Security

What do you do at work when you’re bored? Make a cup of tea, browse social media or chat with your colleagues? You probably wouldn’t intentionally give away any corporate secrets, yet that’s exactly what happens when some employees become bored…

Feeling Distracted?

A recent survey by Centrify revealed workplace distraction to be the single biggest cause of security problems. Almost twice as many people attributed data lapses to boredom than overwork, with a third of respondents blaming errors on not being fully engaged. By contrast, password sharing was cited by just 4% of those surveyed as a reason why corporate information was jeopardised.

In isolation, data security breaches are unfortunate, but it’s the potential for collateral damage that really underlines the importance of keeping staff on-message between 9am and 5pm. Data breaches typically result in a 5% drop in share prices for listed companies, and a 7% rise in customer churn as disgruntled clients transfer their business to ‘safer’ rivals. Even worse, according to the DTI 70% of small businesses suffering a major data loss will go bust within a year.

Though employees clearly have to accept responsibility for looking after sensitive information, bosses can always do more to minimise the risk of data security breaches:

Technical

1. Close or log off devices when not in use. Everyone appreciates the importance of not leaving a corporate laptop on a train, but many others think nothing of leaving a laptop logged in on their desk while they go for lunch. Yet the same risks apply.
2. Set automatic time-out logouts. Alternatively, devices can log out or go offline following a period of inactivity. Flirting with the new marketing assistant and being logged into the company accounting software are mutually exclusive activities.
3. Explain why confidentiality is important. If staff understand the significance of data security, they’re more likely to be diligent. Provide training that explains the risks of phishing and unsafe file downloads, encouraging vigilance at all times.
4. Deploy 2FA. Even if someone is careless enough to expose their password, it won’t be useful without a PIN code or ID. Insist on passwords containing a mix of alphanumeric characters, and delete accounts as soon as people leave the firm.
5. Streamline software systems. Legacy systems often create data silos, requiring staff to move between different programs. Each proprietary system has its own login credentials and weaknesses, so install reliable software systems that do everything.

Practical

1. Consider social media or smartphone bans. Some staff need mobile devices on their desks, but most people have no reason to be on Twitter at 11am. Many call centres already have clear desk policies, relegating mobile devices to lockers and bags.
2. Keep staff busy and motivated. Employers need to assign challenging yet realistic workloads, while ensuring productivity levels are being maintained. Overwork can be a problem, but someone with a lengthy to-do list will rarely procrastinate for long.
3. Minimise administrative duties. People easily tire of mundane tasks like scanning, potentially compromising the very documents they’re in charge of. Outsource or automate if possible, freeing people up for more responsible (and engaging) duties.
4. Encourage employees to take ownership. Mentoring, secondments and training make people feel more invested in a business. Invite staff with specific expertise to chair meetings or provide training, expanding their repertoire of skills beyond core duties.
5. Set long-term goals. If a senior staffer has a few free hours each week, could this time be spent working on an open-ended project? It might be a strategic review, new data security procedures, or something they can tinker with in quiet moments.