Employees can be your most valuable asset — and your biggest security nightmare. Often, they unknowingly engage in risky behaviors that set your company up for scammers. Taking work home, for example, might seem innocent enough, but it can put holes in your security defenses. Here are five ways that your employees might be putting your business’s computer systems and data at risk:
1. Using Personal Email Accounts for Work
Employees often use their personal email accounts to send company data. An Ipswitch survey provides some insights into why. It found that employees often use personal email accounts when their companies’ email systems are too slow, do not allow large files to be emailed, or are difficult to access from outside the office.
If your employees are using personal email accounts for work, your business is more vulnerable to malware. Your employees might not have anti-malware software protecting those accounts. Plus, you won’t be able to monitor and store any business emails sent from employees’ personal accounts. This can present problems, especially if your business must adhere to industry or government regulations that control how sensitive data must be handled.
2. Using Unauthorized Personal Devices for Work
Many employees use personal devices (e.g., desktop computers, smartphones) for work, often without their employers’ knowledge. A Gartner study found that 45 percent of workers not required to use a personal device for work were doing so without their employers’ knowledge.
Letting your employees use unauthorized personal devices to perform their jobs is risky. If the employees’ personal devices are not protected by security software, cybercriminals might gain access to the company data. Plus, any malware that is present could potentially find its way to the computers in your business. Further, your company data could be in jeopardy if your employees lose their personal mobile devices (e.g., smartphones, laptops).
3. Storing Company Data in Unsanctioned Clouds
Employees sometimes put business data in unauthorized cloud storage services, such as Dropbox, OneDrive, or iCloud. While there is always the chance that employees are doing this maliciously (e.g., data theft), most of the time it is done for other reasons. For example, it might be an easy way for employees to get data from their work computers to their personal devices. Or, they might store data in an unsanctioned cloud to get around file-size limits or file-storage quotas imposed by their employers. If your employees are storing company data in unauthorized cloud storage services, you can’t protect and control that data.
4. Surfing the Web on Work Computers
Letting your employees surf the web on their work computers at lunchtime and during breaks might seem harmless. However, if employees inadvertently visit a malicious website, their computers could become infected with malware. Plus, web surfing can hurt productivity if employees are doing it on the clock.
5. Using Unauthorized Applications on Work Computers
Many free applications are available on the Internet — and your employees might be installing them on their work computers. While some free programs are quite useful, cybercriminals offer free programs that are laced with malware. As a result, letting your employees download and install any program on their work computers presents a security risk. In addition, the free programs might create conflicts with the other applications on their computers.
How to Identify and Address the Risky Behaviors
Identifying and addressing your employees’ risky behaviors is important if you want to keep your company secure.
- Fix any problems that might be leading to risky behaviors. For example, if your employees are using their personal email accounts to send business emails because your email system is slow, consider upgrading or switching to a faster one.
- Create policies that specify what employees can and cannot do. For instance, if you don’t want employees installing unauthorized applications on their work computers, you need to create a formal policy to forbid it.
- Put procedures and systems in place that employees can use to adhere to the policies you have set. If you have a policy that states employees cannot install unauthorized applications, implement a procedure that employees can follow to get an application authorized if they feel it would help them perform their jobs more effectively and efficiently.
For ways to test your cyber security and identify your internal weak links, check out our cyber security training program at http://www.stlcybersecuritytraining.com/. Also, contact The Miller Group to find out even more ways to address employee behaviors that might be putting your business at risk.