During the dot-com bubble of the late 1990s, I was working for one of the larger Commercial Property Firms in the City of London. Having let out thousands of square feet of mid-town office space, often previously empty for years beforehand, to dozens of whizz-kid entrepreneurs, the bubble finally burst in 2000. In a space of a few months we had to re-enter (on behalf of various landlords) office after office where the ideas had given way to the harsh reality of a funding dry up and an inability to actually deliver a profit.
This is not a lecture on the lessons learnt over that particular period (to be honest, I’m pretty sure that greed will always overrule the lessons of the past anyway) but what does stick in my mind from that period is the huge amount of data left in the empty offices. Hard drives, racks of paper records, loose receipts, books of names and addresses shoved in waste paper bins, all left totally open for anyone to pick up or abuse. This was, no doubt, happening in dozens and dozens of abandoned offices across the country. The memories always comes back to me when I hear reassurances about data-security and it has strongly shaped my views on how companies need to watch some of the more unusual routes data can be (mostly accidentally) allowed to leave the building if you take your eye off the ball! What are some of these?
- The waste paper bin! It’s all too easy to screw up a bit of paper you’ve been scribbling names and telephone numbers on all day and chuck it in the bin. It’s a big no-no. Likewise, when sorting out that pile of stuff that’s been sitting around on your desk for days on end, make sure there are no sensitive pages or letters stuck in the middle of an old trade magazine before you bin it.
- Trays next to the photo-copier. Ever printed to the wrong printer? Of course you have! Have you ever forgotten you’ve printed out something and someone else has then used the same printer and stuck your stuff into the tray next to the printer or copier? More than likely. Where is all that material ending up? Check and ask questions. It may well end up being placed into the waste bin. Not good!
- The cleaner. It’s not the cleaner’s fault. They are told to clean the office not work out what is sensitive client material or not. As they wander round the office or meeting rooms they could be picking up forgotten or abandoned documents and… boom… they’re into the black bin liner and gone! That is until the bag splits and they are found on a dump or in the street by a curious passer-by. In one avoidable mistake the reputation of your Company is finished!
- Mobile phones and tablets. These often carry text messages from and to clients, client notes and phone numbers, often connected very clearly with your Firm. Make sure staff are properly securing their mobile devices and home based lap tops.
- Home offices. Staff often take files out of the office even with strict signing out procedures in place. Staff sometimes photo-copy letters and documents to refer to when working from home. Once they are out there then those documents can often find their way into home bins etc! Your firewall is only as good as your staff procedures on data handling.
These are just five areas where your business can be caught out by a data breach. Make sure your office manual clearly addresses these areas and more importantly make sure your staff are aware of the risks. An occasional wander round the office on a Friday afternoon can reveal a lot of client data lying around in places where it really shouldn’t be! Have a word with the fee earners or support staff involved and make them aware of the potential seriousness of a breach.
Chris Hunter email: firstname.lastname@example.org