TechViews News
Every day, trusted employees are putting organizations at risk by performing seemingly innocent acts on their computers.
Recently, an Intermedia report found 93 percent of employees engage in at least one form of poor data security. And 23 percent of respondents admitted they would take data from their company if it would benefit them.
Most companies are investing large sums into hardening their systems against outside threats. And this would be appropriate in light of the huge increase in data security breaches we’ve seen over the last couple of years.
But before investing in new security technology to thwart external threats, companies should place higher priority on identifying and fixing internal risks.
Here are a few of the most common employee traits that expose businesses to potential harm:
1. Employees are not given security training.
When a new employee is hired into an organization, he or she typically gets a computer, a company email address with that company’s domain suffix, and the ability to use a commercial office suite of applications to handle their daily work.
But in the interest of shortening the time it takes for a new employee to get up to speed, the new employee is usually required to already have a full working knowledge of the basic office applications without further training.
The failure there is not in the basic knowledge of how to write documents, spreadsheets or presentation slides. It’s in how to secure those documents and materials against misuse by others. In most cases, it is presumed that the employee has those skills, but most of the time it’s only the basic knowledge of how to produce the documents that the employee has, not the ‘how-to’ of document security.
Company leaders who are serious about keeping cyber threats at bay understand that a single training session during on-boarding isn’t enough. Up-front training is important to help establish good habits from the start; companies should then supplement that baseline with periodic information and training sessions.
2. Weak passwords are the most common open door to a breach.
According to SplashData, the most common passwords used in 2016 are still “123456” and “password.” It’s easy to be lured by convenience rather than opt for security.
As an example, John Podesta’s computer was hacked while he was campaign manager to the ‘Hillary Clinton for President’ campaign because he used the word, “password”, as his login password. This led to a huge trove of private and official campaign emails being released that exposed many of the legally questionable behaviors of Clinton, her campaign operatives, and the DNC in general.
Creating and remembering new passwords is certainly inconvenient, which is why so many employees stick with the same password across multiple accounts. But this, of course, makes for a wide-open target. In one fell swoop, all of an employee’s accounts can be compromised.
These days people are being required to have multiple passwords for multiple online services. Enter the use of commercial password managers in the form of local applications or online services.
Password managers provide users with a single password to access all their web and email applications. The employee logs in to the password manager, and that application (or service) logs him or her in to all apps for which that user has permission – no need to rely on sticky notes and Excel spreadsheets to manage all those usernames and passwords. Because users have to remember only one password, it typically can be longer and stronger than they’d normally select.
3. Employees install applications without consulting IT.
It’s a common practice for employees to download unauthorized applications to their work computers or mobile devices. Many employees are glued to their work computers eight hours or more a day and start to think of that workstation as their own personal device.
Their intentions may be harmless – perhaps they want to download a popular music-streaming application or a social media access application. But doing so without first consulting IT contributes to the problem and puts the company at risk.
There are good reasons why businesses should allow certain applications and not others. These include keeping up productivity, ensuring consistency across the office and its departments, protecting against malware or other security threats and keeping risk at an acceptable and understood level.
If IT decides that consumer-grade products are not secure enough, then employees must understand and abide by company security practices.
4. Personal cloud storage is used to house company files for later use.
Saving company files to personal file-sharing applications highlights a more recent concern in the age of cloud computing. While file-sharing applications such as Dropbox and Google Drive have helped streamline communication and version-control of shared documents, these services often lack security protocols or audit and compliance features.
A dedicated employee might upload work files to a personal file-sharing application so he or she can work remotely after hours or over the weekend. Despite the individual’s commendable motives, this is a high-risk behavior.
5. They access company data after changing jobs.
When an employee resigns or is terminated, the very first step the business should take to protect itself is identifying and immediately revoking the employee’s access to all platforms and web applications. Research has shown that after leaving a company, 89 percent of employees still have access to at least one application or to proprietary corporate data.
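One way to check for the lingering access described in item 5, as an added example that is not part of the original article: reconcile the HR departure list against each application's account export and flag accounts that are still enabled or were used after the departure date. The usernames, dates, application names and record layout are constructed for illustration.

```python
from datetime import date

# Constructed sample data: HR departure dates keyed by username.
DEPARTURES = {
    "asmith": date(2017, 3, 1),
    "bjones": date(2017, 3, 15),
    "dlee": date(2017, 3, 10),
}

# Constructed sample data: one account export per application.
APP_ACCOUNTS = {
    "email": [
        {"user": "asmith", "enabled": False, "last_login": date(2017, 2, 28)},
        {"user": "bjones", "enabled": True, "last_login": date(2017, 3, 20)},
        {"user": "cdoe", "enabled": True, "last_login": date(2017, 3, 21)},
        {"user": "dlee", "enabled": False, "last_login": date(2017, 3, 9)},
    ],
    "crm": [
        {"user": "ASmith", "enabled": True, "last_login": None},
    ],
    "file_share": [
        {"user": "bjones", "enabled": False, "last_login": date(2017, 3, 18)},
    ],
}


def audit_offboarding(departures, app_accounts):
    """Flag accounts of departed users that are still enabled, or that
    logged in after the departure date (even if disabled since)."""
    findings = []
    for app, accounts in sorted(app_accounts.items()):
        for acct in accounts:
            user = acct["user"].strip().lower()  # apps differ in casing
            left = departures.get(user)
            if left is None:
                continue  # current employee, not in scope
            last = acct["last_login"]
            used_after = last is not None and last > left
            if acct["enabled"] or used_after:
                findings.append({"user": user, "app": app,
                                 "still_enabled": acct["enabled"],
                                 "used_after_departure": used_after})
    return findings


def exposure_rate(departures, findings):
    """Share of departed users with at least one finding."""
    exposed = {f["user"] for f in findings}
    return len(exposed) / len(departures) if departures else 0.0
```

A disabled account with a login after the departure date is still reported, because it shows access was used before revocation took effect.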
Not all data breaches or cyber threats are preventable. But a business that arms its workforce with the education and resources to break bad computer habits can operate with greater confidence that the company and its data are safer.
Be Safe – Back Up Your Data Regularly!