A recent study from Intermedia found 93 percent of employees engage in at least one form of poor data security. And 23 percent of respondents admitted they would take data from their company if it would benefit them. Long story short, you can have all the technology security in the world, but your biggest vulnerability lies in your people – from regular employees up to managers and owners. What are some of the issues that researchers found?
1) Lack of Training or Education
When you get a new employee at your business, there is probably a lot you go over with them (the typical drinking of the firehose that every new employee goes through). Is technology education and security training part of that onboarding process? If not, it should be, along with periodic reminders, security quizzes and follow-ups on company policies. That way, when they see things like support scams or phishing attempts, they’re not flummoxed.
2) Lousy Passwords
It’s all too common to see people using cruddy passwords like “123456” and “password” (see our worst passwords list). Not only are folks using weak or easy-to-guess passwords, but they are using the same passwords everywhere. You can setup your network to require strong passwords for your Windows logon, and we recommend you do so.
3) Passwords Are Being Shared
Not only lousy passwords being used, but they’re being shared with co-workers. Or worse yet, they are setting up shared accounts for machines or services so if one account is compromised, the entire account is toast.
4) Software Is Installed Without Consulting Someone
Intermedia calls this issue “Shadow IT.” You spend eight or more hours in front of your computer every day and start to think of the machine as your own to do with what you will. That means you might think you are free to install applications without approval of your IT department or a consultant like us. This can open up the organization to risk, as well as make the job of the IT team a lot harder.
5) Company Files Get Stored on Personal Cloud Storage
To quote Intermedia:
Saving company files to personal file-sharing applications highlights a more recent concern in the age of cloud computing. While file-sharing applications such as Dropbox and Google Drive have helped streamline communication and version-control of shared documents, these services often lack security protocols or audit and compliance features. In short, they were created with consumer convenience front and center.
It might be a spur-of-the-moment decision to save a bit of time but it is recommended to use a service built for the purpose that has the extra layers of security and corporate control built in.
6) Company Data is Accessed After Changing Jobs
When an employee leaves a company (voluntarily or otherwise), the first step that should happen is immediately revoking, disabling and removing that employee’s access to all systems, applications, and platforms in the company’s control. Sadly, it’s not happening like it should: Intermedia’s research found that 89% of employees still have access to one application or to proprietary corporate data after leaving a company.
7) Not Being Careful With Email
Whether you admit it or not, most folks have had a close-call or heart-stopping “Reply All” horror story. One mis-click, and you can end up sharing information with the wrong people, putting your company at risk.
Not every breach or security risk is entirely preventable, but your people can be the first (and sometimes the last) line of defense to protecting your company and its data. Contact us today to learn about more preventable measures that can be put into place, as well as employee training.