Six Mistakes Employees Make That Drives Corporate Security Managers Crazy

sloppy security practices

TechViews News   …..

The daily news is filled with stories of international hackers, corporate leaks, and state sponsored computer intrusions, that we forget that the bigger threat is right under our noses.

Forrester Research found that nearly 40% of all data breaches are caused by insiders, employees that we work with daily. And of those insider breaches, 26% are caused by abuse or malicious intent by insiders, and 56% are caused by inadvertent misuse or sheer carelessness by employees.

Of those 56% of breaches caused by careless employees, most all of them can be avoided. The basic onboarding process for new employees usually includes a document, video, or pamphlet on data safety. But research has shown there needs to be a yearly process or refresher course to remind employees how to protect their company’s information.

Small companies are at even more risk since there is usually little time for computer training beyond that which the new employee is already expected to have.

“Data is too often mishandled by employees,” says Merritt Maxim, a principal analyst at Forrester Research who serves security and risk professionals. “A good tip for companies is to take more time training their employees about data safety. If people understand what the organization considers sensitive, there’s less of a chance that it will be mishandled.”

Says Maxim, “Since it is of high importance to both the company and employee, we suggest everyone watch and remind each other when they see lax behavior regarding data safety. Managers and supervisors should take a more active role in watching for careless behavior as well”.

Based on interviews with Forrester’s Maxim and IDC’s Frank Dickson and Robert Westervelt, here are six common ways employees mishandle – and inadvertently breach – an organization’s security.

Lazy use of Office 365 or cloud services

End users often assume that when they are using cloud-based workloads they are automatically secure. Not so. Applications that are cloud based are becoming a new favorite for hackers wanting to glean confidential corporate information. When people put workloads in the cloud, it is still their responsibility to, at the very least, set a password and change it on a regular basis. Administrators should keep on top of the staff to set and change passwords, but sometimes they forget as well. This is clearly a security hole that can be plugged by just paying some careful attention to security basics.

Leaving a laptop at the security line at an airport

Here’s another one that’s preventable by paying some more attention to detail. Sure, when you go through the security line at the airport, you have to take off your shoes, belt, empty your pockets, the works. Whatever you do, don’t forget to take your laptop with you. If it’s a work laptop, the machine often has sensitive company information that could potentially be exposed. Yes…people ready do this. And yes … it’s incredibly harmful.

Losing track of thumb drives

Sometimes people keep many more than five thumb drives, and they don’t always know what data resides on them until they plug them in to check. Too often people have thumb drives from previous jobs or projects that contain confidential data. And then there’s a chance that data on a thumb drive could become infected and then spread a virus to the corporate network once it’s inserted into a work computer. Many organizations today don’t let employees copy files on thumb drives. All files are copied to a corporate cloud account for later use. If employees aren’t sure what the company policy is, they need to know who to ask if there is a digital way to store files.

Mishandling company information

Users mishandle company information all the time. Simply emailing a document to a personal machine at home can be considered a breach – and people do that all the time. Another example: An employee is on the road and asks an administrative assistant at the client’s office to print out a document for him. That document could be important information to the employee and his client, but now it resides on the assistant’s computer and more often than not won’t be deleted. That’s a breach.

Lax attention to “tailgating” at physical entry points

Companies really need to train users to be aware of this one. Sometimes people will be entering the company location and a second person will come by, saying they forgot their badge, can you please let me in. Unless the person with the badge knows for sure that the person they are letting in is an authorized employee or business partner, they should not let them in. At worst, the person seeks entry to do harm to another person, but they could also be looking for some quick money and will look to swipe a laptop off a person’s unattended desk. Another point along these same lines: Don’t ever let strangers or unauthorized people use your corporate PC.

Commenting on Social Media about work matters

Facebook, Twitter, Reddit, and other forms of Social Media have become so common that people may start writing about a company project and not realize they have compromised the company in any way. If employees decide to write messages, they should stay away from any work topics, stick to hobbies such as music, art or sports they follow or participate in. Even if sensitive documents are not shared, social media posters could be giving away internal company strategy by disclosing what’s said at internal meetings. People have been fired for this, so employees must be told that once their posts are up on the Web, it’s in the public domain and can have unforeseen consequences to the business.

Be Safe – Backup Your Data Regularly!


And don’t forget to take advantage of our FREE subscription to the TechViews News Updates. You will receive all of our updates and posts the moment they are published..