Everyone has a cell phone these days. This is probably one of the more obvious observations that I could make but one worth pointing out. Why? I’m confident that you would be hard pressed to find a cell phone these days that DOESN'T have a camera if not video and audio recording capabilities. This translates to the possibility that many of your employees are carrying around some type of recording equipment in their purses and pockets and bring it in to work every day. This should be a red flashing light and at the very least, a valid cause for concern.
If an employee has confidential or
sensitive information displayed on their screen, someone could easily take a quick snapshot with their cell phone camera, pocket the phone and no one would be the wiser. Sure, this information could just as easily be printed out and pocketed but using a device such as a cell phone camera is much quicker and far less conspicuous. Many pictures can be taken and stored on a flash card in less than half the time it would take to print the same information.
Another security risk posed by cell phones is that many have audio recording features. Conversations in person or over the telephone can easily be recorded, stored, and even emailed to another individual or group of individuals, right from the cell phone.
So what can be done? You obviously don't want to completely ban cell phone use in your environment but there are some precautions you can (and should) take. First off, train your employees to lock their workstations when they are unattended. In the Windows environment this is as simple as holding down the Windows key and pressing "L." If company cell phones are issued, make sure to purchase models without a camera or video and audio recording capabilities. Perhaps even designate a part of your office for personal cell phone use; preferably an area away from computer systems or printers. Maybe limit cell phone use on company property altogether.
Whatever you
decide, try to be creative. You can bet that the individuals who aim to exploit sensitive information will be creative in their methods to try and avoid detection. Once a decision has been made, be sure and add it to your information security policy and get the word out to your employees.