Organizations serious about security often forget to make sure their biggest asset is secure – their employees. While you trust your employees, mistakes do happen and there’s a chance your critical business data can end up in the wrong hands. With one simple click on the wrong link, an employee can unwittingly cause severe consequences for your business. It happens – since 2019, almost 8 billion personal records have been exposed in data breaches.
Here are some common ways employees can compromise your business security:
Weak passwords
It’s common for employees to reuse passwords across different sites or use simple passwords that are easy to remember – and easy to guess. It might seem like an effective way to save time or avoid forgetting passwords, but it’s the same as waving a flag to hackers that your systems are vulnerable. Malicious actors can use brute force attacks to gain access to your employee’s other accounts, putting your sensitive business data at risk of being stolen.
Passwords should not be short, as these are much easier to crack. Instead, passwords should be long, at least 15 characters in length. Passphrases, which are sentence-like strings of words, can be used; they are easier to remember and more difficult to crack. Multi-factor authentication should always be used to improve security as well.
Using public networks
It’s tempting to use public Wi-Fi when working remotely, but it can be a first-class ticket for bad actors to intercept or even steal company data. Most public Wi-Fi isn’t secure and is one of the most common ways for hackers to gain access to public and private devices.
If signing onto public Wi-Fi is necessary, ensure employees use a Virtual Private Network (VPN) or their cellular network to carry out work-related tasks.
Phishing and malicious email
Scam emails aren’t new, but they’ve gone from being obvious to very well disguised attempts to gain unauthorized access to systems. Phishing emails trick the receiver into thinking the email is a legitimate one, but when clicked can allow cybercriminals to access devices and data. Often the emails appear to be from a known or popular company but carry a misspelled name or deceptive URL, or make grandiose offers of support or promotions. Phishing emails can also be made to look as though they are coming from an internal company source.
Ensure your employees are up to date on security awareness and regularly check in with them about the signs of phishing and malicious emails.
Personal devices
Personal devices used by employees for work purposes can be problematic as these devices or apps may not be supported by the protocols and processes that are managed by the security team. This can expose your company to infiltration or data leaks, often without warning as the exposed devices aren’t part of the security alert system.
If employees need to use their own devices, ensure your business network is monitored to identify traffic and users. A managed security service provider can provide a mobile device management solution that enables device tracking and remote management to preserve your data security.
Employees must employ multi-factor authentication for laptops and phones being used for work-related activities.
Surfing the web
The internet is an incredibly useful tool, and it can also be a great timewaster if things are slow or during lunch hour. If your employees use the company’s internet, it is possible they’re going to access unsafe websites, containing malicious software (malware) that can cause devices and systems to become infected. Malware can be hidden in ad links, or even within the website itself, so installation occurs with just one innocent click.
In the past, the simple solution was to block certain websites that were considered dangerous or inappropriate from being accessed on servers (blacklisting). This only works for known, specific websites, and today, as cybercriminals use more sophisticated tactics, it is more difficult to know in advance which websites are harmful or not. Many threats appear now without warning, which has prompted organizations to use a security measure called whitelisting, which allows access to preapproved sites only.
Secure systems with antivirus and anti-spyware software on company devices, and ensure your employees are aware of the importance of being careful while using the internet.
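The difference between blacklisting and whitelisting described in this section, as an added example that is not part of the original article: the same four requests are checked against a default-allow blacklist and a default-deny whitelist. All hostnames, list contents and function names are constructed placeholders.

```python
from urllib.parse import urlsplit

# Constructed sample lists; every hostname is a placeholder.
BLOCKLIST = {"known-bad.example"}
ALLOWLIST = {"intranet.example", "payroll.example"}


def hostname_of(url):
    """Return the lower-cased hostname of a URL, or None if it has none."""
    try:
        host = urlsplit(url).hostname
    except ValueError:  # malformed authority part
        return None
    return host.rstrip(".").lower() if host else None


def listed(host, entries):
    """True if host equals an entry or is a subdomain of one.

    Matching is on whole DNS labels, so 'payroll.example.evil.test' and
    'notpayroll.example' do not match the entry 'payroll.example'.
    """
    return any(host == e or host.endswith("." + e) for e in entries)


def blacklist_decision(url):
    """Default allow: only hosts already known to be bad are blocked."""
    host = hostname_of(url)
    return "block" if host is None or listed(host, BLOCKLIST) else "allow"


def whitelist_decision(url):
    """Default deny: only preapproved hosts are allowed."""
    host = hostname_of(url)
    return "allow" if host is not None and listed(host, ALLOWLIST) else "block"


# Constructed requests: an approved site, a known-bad site, a site nobody
# has classified yet, and a lookalike of an approved site.
SAMPLE_URLS = [
    "https://payroll.example/login",
    "http://known-bad.example/ad",
    "https://brand-new-site.test/offer",
    "https://payroll.example.evil.test/login",
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(u, "blacklist:", blacklist_decision(u), "whitelist:", whitelist_decision(u))
```

The last two requests pass the blacklist because nobody has listed them yet, while the whitelist blocks both.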
What’s the solution to prevent employees compromising security?
Most employees who accidentally expose their company to data breaches or cyber threats do so out of a lack of knowledge. Ensure your employees are actively engaged in security measures and are aware of the latest cybersecurity threats that pose a problem for your organization.
But being security aware isn’t enough on its own to keep your business safe. Advanced security solutions are needed across all aspects of your IT infrastructure, including 24/7 monitoring of devices and systems, regular assessment for vulnerabilities, and expertise from security specialists.
Talk to the team of certified security consultants at Technology Solutions for tailored, proactive cybersecurity solutions to suit your business needs.
For some companies (in certain industries) employees should not be allowed to use personal devices for work purposes. Whether at work or at home, these devices can leave the door wide open to cybercriminals. Multi-factor authentication and phrase passwords should be the norm everywhere. We mustn’t make things easy for criminals.
Whitelisting is the way to go. Adding secure websites to the list will drastically reduce the chances of an attack coming this way. Good employee training is also essential so they are aware of how attacks can come, what not to do (like clicking suspicious links in emails) and what would help.
By training employees (by experts only) and having them actually do certain things so they learn it by doing, it will all lead to a more secure environment. I believe in learning by doing it and not by watching it or by taking notes. Employees need to have an IT specialist behind them for a few hours or days and learn what to do and what not to do.