Employees may cause a security risk without realizing it. It’s vital you ensure staff are aware of security procedures early on. So, what are the risks within the workplace and how can you combat them?
What an employee may think of as an innocent action could result in a security breach. Company information can be easily compromised through:
- Copying files to a USB drive
- Using personal devices
- Using cloud services - like Dropbox or Google Drive - to store company data
Unless your employee has suitable security measures in place, any of these actions can result in malware being downloaded onto your organization’s network.
Remote working raises many security issues. Read one of our other blogs, 7 top security tips for remote working, for more essential advice.
We live in a world of password overload: multiple applications, on multiple devices and multiple networks. This can lead to easy-to-remember passwords that are used everywhere. Attackers could easily guess these passwords and use them to gain access to your networks.
Review your password policy to make sure that it’s good enough and is relevant. Recommending a password manager tool is a very good place to start.
Businesses are now more prone than ever to phishing attacks. According to a government report, a large wholesale company received approximately 340,000 phishing emails in 2016.
There are ways to spot a phishing attack and prevent employees from falling victim. Train your staff so that they are aware of phishing and they can easily spot this type of cyber-attack.
Most of us have been guilty of browsing the web during work hours, but using a company device for personal use can cause risks. Some websites may be unsafe and malware can be downloaded without the user realizing.
Consider blocking certain websites to prevent damage to a business computer as well as stopping staff from looking at sites they shouldn’t be.
Employees may not realize that what they post on social media can be a threat to businesses. A member of staff may be tempted to take a selfie with colleagues during a charity cake sale day and be unaware they have uploaded a snapshot of company documents that could reveal company financial information and other sensitive data.
Even a simple employee post about their role within a business can be like catnip to unscrupulous hackers. Details can be used for phishing attacks on a business or to steal the employee’s corporate identity.
Ensure that your policies and training are updated and actionable so that your staff is aware of the dangers of social media and that they use it safely.
Some employees may purposely wish to cause harm to the business; this can be one of the biggest threats to an organization. Staff can steal sensitive information, data, code and intellectual property.
If you believe a member of staff is stealing company information or acting unlawfully, report this immediately.
New starters aren’t given security awareness
Our top tips for raising security awareness for new employees:
- Don’t hide lengthy security policies in the new starter pack. Include a one-pager that shows a maximum of five do’s and don’ts of looking after business information
- Make security ongoing and digestible. Consider regular email bulletins, which make just one point at a time, so that information overload doesn’t occur
- Use security champions such as line managers. Employees should be able to talk to someone about security and get advice whenever they like. This includes talking about any incidents that should be reported
- Engage with employees about security regularly in team meetings
- Try to resonate with new employees by putting security into the context of your business and if possible their department areas or their roles
You must engage with new employees about security as early as possible.
If you can explain the benefits of security to them and they understand it, they are likely to spread the good work around the rest of your company and potentially teach your existing staff.
How we can help
Informer can continually assess your online exposure. This will reveal how your organization looks from a hacker’s perspective and identify ways you can reduce risk.
Book a demo of Informer today and see how we can protect your organization. We also provide policy reviews and staff security awareness training that is designed specifically for you.