This year, a record number of employees have been working remotely and flexible working practices are set to stay, with many predicting that working from anywhere will become the new normal.
Whilst working from anywhere improves employee satisfaction and reduces rental costs, businesses need to consider the significantly increased risk to cyber security that comes with working outside of the office.
In fact, whether you’re working from outside or inside the office, your employees can often be the biggest risk to business security. As such, you need to be aware of these risks and know how to protect your business from them.
We’ve listed the ten most common business security risks that we’ve found employees to be guilty of. Read on to learn how to identify these threats and adopt the correct solutions to stamp them out!
Outside the office
1. Using public Wi-Fi
If employees are working outside of their homes, e.g. at coffee shops, restaurants or hotels, they’ll likely be connected to public Wi-Fi. These public Wi-Fi hotspots are extremely common and easy to connect to. People often connect on their phones without really thinking twice about what they’re connecting to.
Employees need to be wary about inputting any valuable details when using a public connection, e.g. login details or financial information. This is because the security of these networks is often minimal and sometimes non-existent. As such, connecting to a public Wi-Fi carries with it a tremendous number of risks that could lead to business data being stolen and used maliciously.
2. Leaving laptops or mobile phones in vulnerable places
Lost or misplaced devices can result in your business’ data falling into the wrong hands and, ultimately, putting your business security at serious risk. If hackers can steal devices with sensitive business information on them, they can easily obtain this information and use it maliciously.
3. Sharing passwords
Sharing passwords with others is dangerous, even if you trust them. Whilst you can control who you share your passwords with, you can’t control who they’ll pass this information on to. This could lead to potential data breaches, for example, if an employee leaves the business on a bad note, with knowledge of important passwords, they could act with malicious intent.
4. Using their own devices without appropriate business security measures in place
Using personal devices for work purposes and saving company data to a personal device could put your business at risk. For example, these devices may go on to be sold, passed on or disposed of in a non-secure way. Connecting personal devices to the business network can also spread malicious programs and viruses to business hardware.
However, enabling employees to use personal devices for work purposes can also be extremely beneficial. It can give employees more freedom in terms of where they work and when, for example, enabling them to send emails via their phone whilst on the train. You just need to be confident that you have the right cyber security measures in place to facilitate BYOD (bring your own device) working practices, such as Microsoft Intune – which you can find out more about here.
5. Using the wrong cloud services
There are a multitude of cloud computing options out there that provide an easy way to save data on the cloud, making it accessible from anywhere, at any time. Using the cloud for data storage has become extremely popular due to the flexibility, adaptability and efficiency that it delivers. But you need to make sure that your employees are using the right cloud computing solutions to maximise security.
For example, many people use services like Dropbox in their personal life as a way of storing and accessing data via the cloud. Whilst this is often okay for personal use, and although employees probably have the best intentions, they should never use cloud services to store business data that haven’t been approved by you or your IT support provider. If they do, you and your business will have no control over this data or how it’s used, which could pose a major risk to your business security.
6. No passcode on smartphones
Business data can now easily be accessed on mobile phones, specifically with access to emails and documentation via the cloud. And, commonly, professionals do use their mobiles to finish off emails or refer to files when they’re out of the office. But if business data is being accessed on mobile phones, you need to ensure that employees have strong, secure passwords on these devices as a bare minimum.
Inside the office
7. Weak passwords
Hackers are becoming more innovative and better able to deduce our passwords, which is why employees need to be more stringent, ensuring that the passwords they create are strong and secure. Here are some tips for creating strong passwords:
- Make them at least 10 characters long
- Use a mixture of cases, numbers, letters and symbols
- Make sure there are no recognisable words in your password
- Use a password generator to create secure passwords for you
- Store your passwords in a secure password manager so you don’t have to risk recording them elsewhere
8. Falling for phishing scams
One of the most common ways that businesses are hacked is through human error. You need to be confident that your employees won’t fall for email phishing scams. These attacks can be extremely serious and highly targeted, meaning employees need to be educated about how scammers may carry out cyber-attacks. For example, CEO fraud is a popular form of email scam, whereby cyber criminals pose as the CEO or business owner via email and ask employees to complete tasks that provide them with important data or benefit them financially.
To protect the security of your business, you should invest in cyber security awareness training. This training will educate all employees within your organisation of the cyber security risks that they could succumb to. They will also assess employees on their knowledge and ensure that they’re always updated on new scams and equipped to manage potential malicious activity.
9. Downloading, installing and not updating
Allowing employees to install programs on their work PCs can be a good thing as they can install tools to help them work better. However, it can also lead to them accidentally installing annoying toolbars or advertising software, that can disrupt productivity. In fact, in particularly dangerous cases, malware is sometimes advertised as a download, meaning if your employee downloads it, their device and data will be corrupted.
Similarly, whilst employees need to be careful when downloading things. They also need to be ‘on the ball’ when it comes to installing updates. Many people resort to clicking “remind me later” when updates appear, instead of choosing to update the software. This could be a threat to your business security as out of date software often contains faults that allow backdoor entry to your systems.
If you have an outsourced IT support partner, they will handle all updates for you in the background. Ensuring your machines are up to date and protected; and taking the pressure off you and your team.
10. Using social media at work
Aside from being a drain to productivity, social media can also be a major risk for business security. Social media sites can be used effectively to promote click-bait that will redirect users to malicious websites to download unsolicited content, therefore, putting your business at risk.
How to ensure your employees don’t compromise your business security:
- Connect to a business VPN before connecting to public Wi-Fi, this will mitigate risk whilst still allowing employees to work from anywhere
- Implement cyber security awareness training throughout your business so that you can be confident your employees know how to handle potential threats
- Use Microsoft Intune to control how business apps and devices are used – maximising the security of employees personal devices and enabling BYOD (bring your own device)
- Create a comprehensive IT security policy, whereby you outline all the cyber security systems you have in place and the guidelines for all employees when accessing business data – then relay this to employees clearly and cohesively
- Establish strict password policies that all employees must abide by when creating new passwords, ensuring they’re safe and secure
- Ensure your antivirus software is up to date and provides enough protection for your business – having a fully managed antivirus service could help with this if you’re unsure
- Implement multi-factor authentication for all platforms, apps and systems within your business – meaning employees need to be able to identify themselves in at least two ways before gaining access to business data
- Partner with a reputable, responsive and proactive IT support partner who believes in a multi-layered approach to business security, ensuring that all bases are covered when it comes to the protection of your data
For more information on how we can help you to ensure your employees don’t compromise business security in 2020, please get in touch today.