Infographic: 10 Ways your Employees Can Compromise Business Security
The majority of your employees are probably all guilty of some of these security mistakes. Here are the ten most common security risks we have found employees to regularly be guilty of.
Identify these threats in your organisation and employ the correct solutions or education to stamp them out!
Using Public Wi-Fi
Many public wi-fi connections are unsecured – which could allow an outsider to snoop on the connection and intercept data. Connecting to a business VPN first over the wi-fi can mitigate this risk.
Leaving laptops and mobile phones in vulnerable places
Employees losing devices potentially results in your business’ data falling into the wrong hands – especially if the next two best practices are not being followed.
Not using strong passwords
Traditional passwords are no longer safe as cracking methods have become more sophisticated. You could liken employees using easily crackable passwords to leaving the key in the door of your office building.
No unlock code on phone
Considering many apps on smart phones keep the user logged in, an unlock code is vital for protecting company data. Without one your business data could literally fall into the hands of a criminal.
Sharing passwords is dangerous. You can control who you share them with, but not who those people might share them with. This can come back to haunt you when a scorned employee leaves, perhaps with malicious intent.
Using the wrong cloud services
Employees may use services like dropbox with the best intentions, purely so they can easily work on a file wherever they are, but this can have severe repercussions as the business has no control over security. Now it is not only business devices and hardware that risk the company’s security – but the employee’s personal devices and password security too.
Bringing in their own devices/hardware
Similar to the above, saving company data on personal devices is a security threat as these devices may be lost – or will eventually be sold/passed on or disposed of in a non secure way. Connecting personal devices to the business network can also spread malicious programs and viruses to business hardware.
Falling for Phishing
Too many employees fall for phishing emails and don’t treat attachments or links within emails with enough suspicion. These attacks can be extremely serious, stopping your business from working and even leading to total data loss.
Downloading and installing things without permission
Allowing employees to install programs on their work PCs can be a good thing as they install things which help them to work better. However, it can also lead to accidental install of annoying toolbars/advertising software – that hampers productivity. In the worst cases malware can be packaged with some downloads, putting your business at risk.
Using social media at work
Aside from being a drain on productivity, social media can also be dangerous. It can be used very effectively with click-bait to redirect users to malicious websites that download unsolicited software.
Choosing the convenient option
Employees will often save files to their hard-drive as it is “easier” than saving in the correct place. This leads to potential data loss in a disaster – as individual PCs are not being backed up. If this was done on a laptop that is then lost, data is accessible to whoever finds it. If the data had been saved to the company servers or cloud solution then A) it is recoverable, and B) it is not on the laptop for the finder to see/use.
Clicking remind me later instead of installing the fix or update
Lazy clicking of “remind me later” instead of following prompts to update software can be a security threat. Out of date software often contains faults that allow backdoor entry to your systems for a cyber criminal.
Leaving laptops or desktops unsecured
70% of employees don’t lock their computers when they leave their desks – leaving sensitive information vulnerable to other employees, visitors, building maintenance staff etc.
Fill out the short form in the link below to discuss your security needs with us.