Work Area Security

We’re here to answer your questions. This is a resource for community banks and credit unions to find reliable and informed answers to IT, cybersecurity, and information security pain points and challenges.

Questions About Work Area Security

Anonymous Customer: In a recent external IT audit, we received a recommendation to remind employees periodically about the importance of work area security. Adherence to the clean desk standards outlined in our End-user Acceptable Use Policy was not enough for the auditors. Can you share ideas for keeping work area security top of mind?


At Safe Systems, Inc. we regularly engage with our customers to assist with issues resulting from IT and information security exams/audits. We have noticed a renewed trend in high expectations for work area security.

Keeping NPI secure has always been a top initiative for FIs; however, an emphasis on physical security standards has taken a back seat in recent years to the increased focus on cyber risk and technology-based controls for data security. Distributing the annual End User Security Standards document with the expectation of a signature is not enough to satisfy auditors. Keep in mind that you may have new hires who have never worked in the financial industry and may not be aware of the acute importance of ensuring the confidentiality and security of NPI. Building a strategy of cyber resilience with a multi-dimensional approach makes the best sense. This is especially important when talking about the weakest link in the security chain: our people.

A multi-dimensional approach includes the following tactics:

  • Frequent communication – “lunch and learn” security awareness sessions, email reminders, posters, incorporating physical security standards into the online cyber awareness training material, etc.
  • Awareness – during the business day, keep an eye out for unlocked monitors, customer information left on desktops, and data in trash cans (versus shred bins).
  • Physical walkthroughs – conduct periodic (after-hours) physical walkthroughs with feedback.
  • Make it fun – incorporate a scavenger hunt, provide prizes (candy anyone?) for adhering to clean desk standards, shredding, locking drawers, etc. Find unique ways to recognize positive efforts.

Similar to the impact of email phishing testing, a renewed focus and effort in work area security will increase awareness and encourage a thoughtful approach to everything security.
