4 Ways Employees May Compromise IT Security
As a business owner, you understand the importance of being cautious with your valuable and confidential information. Unfortunately, the security of data and files does not lie solely in your hands.
Although your employees may be loyal and trustworthy, occasional carelessness or lack of IT policies could cause company harm.
Around 87% of businesses have experienced a security breach due to lack of policies and regulations. This post highlights four ways employees may unintentionally compromise your business’ IT security.
1. Not Protecting Devices
According to a Trustwave survey, 70% of people do not use pin numbers for their phones, making private information vulnerable. If employees have access to company information on their devices, it is crucial they keep them protected. From laptops to tablets to smartphones, each should be password protected.
In addition, employees should get creative when selecting passwords, and ensure they are:
- Changed every few months.
- Different across devices.
- Unique and difficult for others to guess.
Reinforcing the importance of using strong passwords decreases the risk of employees’ devices getting hacked.
2. Using Public Wi-Fi
Connecting to the nearest Wi-Fi access point is a popular way to access the Internet quickly—but that does not mean it is the smartest.
Generally, public Wi-Fi connections are unencrypted, meaning data may be vulnerable to interception by anyone within range. It is also possible to inadvertently connect to a “rogue” access point that can capture your data traffic, redirect you to malicious websites, or inject harmful instructions that may be executed by your computer while browsing.
If employees need to access company resources via the public Internet often, invest in a Virtual Private Network (VPN). VPNs add extra protection to devices, allowing users to retrieve resources from your company network without physically being connected to it. They have the added benefit of encrypting traffic between the computer and the VPN server, improving security while devices are connected to Wi-Fi or other remote networks.
3. Phishing and Malicious Email
Fraudulent emails can cause great damage to your company’s security through the use of harmful attachments, links or direct requests. Phishing emails often contain ”obfuscated” links that appear known or safe to the user, but once clicked, may allow cyber hackers access to devices and data. Educate employees on being cautious with emails. Red flags to look for include:
- Popular companies with misspelled names or tricky URLs (i.e. www.disne1yworld.com).
- Suspicious or unrequested downloads or attachments.
- “Too good to be true” offers and promotions.
- Unwarranted tech support.
4. Surfing the Web
Did you know that about 40% of U.S. business bandwidth is used for activities unrelated to business? The truth of the matter is, employees often use your company’s Internet to surf the web during downtime or lunch breaks.
If systems are not protected properly, employees may stumble upon websites with malicious malware, causing machines and devices to become infected.
For years, companies have blocked access to specific sites that they determine to be inappropriate or dangerous. This strategy works well for specific, known destinations—but many of today’s threats appear without warning, prompting some to adopt what is known as “whitelisting,” allowing access only to preapproved sites. This approach can be complex and time consuming to administer, but is expected to become more popular as threats to data security grow more advanced.
Secure systems with commercial antivirus and anti-spyware software, and teach employees the value of being careful on the web. No form of entertainment is worth risking the security of your business. For even more protection, consider partnering with a managed network services (MNS) provider, who can assist with advanced solutions like managed firewalls, Unified Threat Management (UTM) products and proactive network monitoring.
How do you ensure employees are keeping your company information secure? Share your tips with us in the comments below!