Data Destruction and Disposal
Companies often forget about data once they stop using it day-to-day. Leaving outdated data on sunsetted systems increases your potential exposure in the event of a data breach. Ensure that data no longer actively used is properly disposed of and devices that contain data, such as laptops, old hard drives and USB drives are properly DoD data wiped or destroyed. Retired company laptops may still retain recoverable data on their hard drives even after formatting. A policy-driven culture enforcing proper destruction and disposal of retired equipment is best practice.
Shared or Weak WiFi Passwords
Allowing employees or guests to share a single WiFi password prevents you from controlling who is accessing your company network. Once a person has your WiFi password, they can access your network at any time, even from outside your building’s locked doors, or potentially after you have terminated them, leaving you with no control. Users should always connect to WiFi using a unique username and strong password that company staff can enable and disable as needed. Company policy should always enforce users to use strong passwords so your Wifi password cannot be guessed or compromised.
Once a user logs into a computer, they potentially have access to sensitive company information. If they get distracted or leave their computer unattended, it leaves your company data open to potential theft or exploit. Ensure that all company computers are set to automatically lock the screen after a defined time interval, e.g. 15 or 30 minutes and then require a password to log back in.