Security vs Post it notes and other ‘stickies’
Michael O'Sullivan
Non executive board member SIF, Editor of TPSO Magazine, Co-Founder of GSIP.co.uk & The Violence Against Security Blog. Offering free CPD training for UK security officers. Advocate for better training…
Post it notes and other ‘stickies’ are great for making a quick reminder and sticking it on your PC screen, someone’s office door or whatever. They are hard to miss, usually bright yellow, or custom printed with an eye-catching logo or graphic!
By design, these items of stationery are intended to draw the eye!
So, what’s the problem from a security/data protection point of view?
At least one department head in a financial institution banned post it notes from being used by his staff. Here’s why!
He walked around the floors he was responsible for with his physical security team one evening during a clear desk sweep. He found numerous post it notes in plain view with the following information jotted down as reminders:
- IT login details, including usernames and passwords
- Private contact numbers for senior staff (including his own) and clients of the business
- Access code to the secure fax. This allowed access to history and stored documents sent/received
- An assortment of messages including ‘call locksmith to fix filing cabinet Monday’. Further checking on this one discovered that the secure filing cabinet for that area was jammed open and the highly confidential documents that should have been locked up would have been vulnerable over the weekend. It was also discovered that this potentially serious issue had not been reported to management
Because they are so bright and easy to see, as intended by design, several were spotted in people’s bins. As they were found, they were fished out and read. Any data thief determined enough to go through a company’s rubbish would have found plenty of useful information via discarded post it notes as well!
One thing we do know about data thieves is that they are tenacious, determined, and always looking for that untapped and unprotected source of information to exploit!
So, incredible as it may seem, post it notes were deemed a threat to data security and banned.
That department head later described them as a ‘data jigsaw’! From many little pieces a very large picture could be created. With enough pieces that larger picture can become very clear!
There are many ways that your business can leak data. Have you considered them all?
Michael O'Sullivan
Co-Founder & Editor of The Professional Security Officer Magazine
https://theprofessionalsecurityofficer.com/
© 2018 Peer Publishing Ltd, all rights reserved
The above article may be freely reproduced ‘as is’ subject to author and copyright owners’ details being included. Any other use is strictly prohibited