In the business world meetings happen on a regular basis. They occur all the time and with the conversations and planning notes have to be taken in order to retain and review later on. With all the worry around mobile devices, laptop security, using personal storage locations for business use there’s one tool that is often ignored.
This tool is so overlooked and in my experience never had any real focus on from a security point of view that I see it as a big hole and a risk to your business’ information. That tool is the plain notebook and pen.
A majority of employees still use a notebook and pen to record notes, data, and knowledge about the business. However, when is the last time on an employee’s departure have the business asked for the notebooks along with the computers, phones, and supplies? I cannot remember such a request. Depending on the employee, a simple paper notebook could be a risk to your proprietary business information you aren’t thinking about.
Think about the kind of data people freely write down –
- Sales projections and figures for the upcoming quarter
- Business contacts
- Plans for a new product or service
- Stock discussions
- HR related information on a person’s performance
- Layoff plans
- Personal thoughts about a situation
All of those pieces of information could be damaging at many levels from internal business politics to shareholders if that information got leaked. Over the course of a career some employees may still be using the same notebook in different jobs potentially causing a conflict or confidentiality breach. So why aren’t companies and security teams controlling the use like a laptop or database?
When you think about some of information that could be retrieved from the notebook of say the Director or HR or Security, look at how casually notebooks are handled. You will see them laying around on desks overnight, tucked away in a corner in plain sight, left on conference rooms as people step out. A paper notebook will have nothing at all to protect the contents. No passwords, no locks, nothing to keep them from being quickly read or disappearing altogether yet they potentially contain as much proprietary information as private emails.
In the security space you could easily make the case to prohibit the use of pen and paper record keeping and force it to secure digital method. At the time an employee leaves you want to keep the business information, as best as you can, within the business. When you take a step back and look at the types of things you write down in your notebooks during meetings think about what would happen if you left the book behind and someone else picked it up. What would they find and what could happen?
End of line.
Binary Blogger has spent 20 years in the Information Security space currently providing security solutions and evangelism to clients. From early web application programming, system administration, senior management to enterprise consulting I provide practical security analysis and solutions to help companies and individuals figure out HOW to be secure every day.