Canadian HR Reporter

items at risk By Paul Saabas A lthough many employees may feel safe while travelling for business, there are data breach vulnerabilities around every corner, with devastating repercussions. In 2017, more than 24,000 records were compromised in an average data breach, according to the Ponemon Institute. With so many records at risk, employers must be aware of their areas of vulnerability. Employees who are unaware of proper policies and processes can be the biggest risk to organizations. Sharing passwords, carrying sensi- tive information unnecessarily, and leaving information unattended in public places can leave an employer at risk. More than half (51 per cent) of U.S. consumers re-use passwords and PIN numbers, according to a 2018 survey by Shred-it with 1,200 respon- dents. What's more, 49 per cent of consumers believe their own security habits make them vulnerable to information fraud or identity theft, with nearly 30 per cent confi rming they do not shred documents containing sensitive information before throwing them out. While travelling, employees must be vigilant in keeping their personal information safe and be mindful of those around them — not only on days of travel, but when they have settled in at their hotel or workplace. Employers have an active and critical role to play in ensuring em- ployees are taking the appropriate measures to safeguard information. e top fi ve items most at risk of fraudsters include: Mobile devices: One in four breaches in the fi nancial services sector are due to lost or stolen devices, according to a 2016 Bitglass report. While thieves often re-sell stolen laptops, tablets or smartphones, there's a lot of valuable information saved on these devices, too. Employees should ensure they never leave their device unattended, password- protect it, and carry it close to their body to avoid being pickpocketed. Confi dential papers, data: Minimize the confi dential data employ- ees take with them when travelling, and have them only take documents that are necessary. If possible, employees should securely shred confi - dential paper documents that are no longer needed. When not in use, Wi-Fi and Bluetooth should be disabled, and a virtual private network (VPN) should be used in cybercafés, public areas and hotels. Internet of things devices (IoT): Smart devices such as fi tness track- ers and heart pressure monitors connect to the internet to send and receive information, but it's important for employees to remember that if they can access their data remotely, it's possible a cybercriminal can as well. ey should take care to never leave gadgets with default passwords, and instead set new and strong passwords and keep the de- vice's software up to date. Employees should also disconnect IoT devices from the internet (or turn them off completely) whenever they don't need them. Travel documents: Confi dential information is stored on boarding passes and passports, millions of which are reported lost or stolen around the world every year. Before a business trip, employ- ees should scan a copy of their passport and email it to themselves. IN FOCUS RELOCATION /TRAVEL ey should also lock passports in the hotel safe and never leave travel documents — such as boarding passes, car rental documents and airline tickets — behind. Travel documents should be securely shredded when the trip ends. ID and credit cards: Credit card theft and identity theft both involve a criminal assuming a false identity. Credit cards can be kept safe by employees packing only essential ID, credit and debit cards, using safe ATMs in public areas, shielding PIN entry and monitoring credit cards regularly while abroad. Remote-work policies Considering that employees are less likely to be diligent with data secu- rity while they're out of offi ce, it's critical for HR professionals to priori- tize information security training for travelling employees. Eighty-six per cent of C-suites and 60 per cent of small business own- ers agree that the risk of a data breach is higher when employees work off -site, according to a 2018 global study from Shred-it. And while most C-suites in Canada (91 per cent) provide training on information security to employees, only 35 per cent of small business owners have a policy in place for storing or disposing of confi dential information while working off -site. Fifty-four per cent have no policy at all, found the survey of 1,002 small business owners and 100 executives. With remote work becoming a growing workplace trend, it is critical that businesses adopt a remote work policy to keep proprietary and confi dential information secure at all times. ese steps can help with the implementation of such a policy: Gain buy-in from senior management: It is best to have the support of senior management to encourage adoption and compliance. Work with IT: Work with IT to ensure employees can connect to a secure VPN to remotely access their data. Make sure they are available to support remote workers throughout the day. Create a communication plan: To share the new policy with team members, plans should take into account the specifi c communication methods at an offi ce. For some, email may be enough; but for others, the communications may involve posters or town hall meetings. Develop a breach notifi cation process: Ensure there is a clear and well-understood process for employees to follow if a breach does occur. is is important as it will allow the employer to act quickly to minimize the damage and take further preventative action. Monitor and update policy: Conduct regular pulse surveys to moni- tor policy adoption and fl ag any concerns that arise. Be sure to update the policy to refl ect the feedback of employees. Finally, to help keep employees and the organization secure, consider adding a component to employee training that covers information security while trav- elling or relocating. Paul Saabas is vice-president of Shred-it Canada in Toronto. For more information, visit www.shredit.com. while travelling Credit: GaudiLab (Shutterstock)

• Cover