The very idea that your trusted family of employees could be a liability to your business security may well bring out your defences but, with 88% of data breaches in the UK being the result of human error, it’s a cold hard fact they could be.
Of course, putting your business security at risk is not their intention but not all threats are easy to identify as employees go about their day focused on their responsibilities (you may even miss some of them yourself).
5 ways your employees may compromise your business security.
There are some obvious threats to business security your staff are likely aware of such as phishing emails, weak passwords, sharing passwords… but here are some of the less obvious red flags everyone should be considering too.
#1 Vulnerable personal devices
Allowing your staff to use their own PCs, laptops and smartphones can be tempting, especially while many are working from home. But these devices can prove a real vulnerability for your business security.
Not only could they be passed on whilst still holding business data, but they are also unlikely to have sufficient anti-virus or malware protection, or could already be running a malicious programme that could spread to your business network.
The solution
Beyond working from home, finding a way to enable staff to use personal devices can significantly improve productivity. Emails can be managed on public transport commutes, lost time in the office can be regained at a suitable time; the flexibility helps.
Developing a BYOD (Bring Your Own Device) policy will help protect your employees and your business. The policy should outline the security measures that should be taken when using a personal device, such as adequate virus protection, use of secure connections, updates and patches, permitted and non-permitted hardware and firmware, etc.
#2 The wrong cloud
When trying to maintain productivity away from the office, employees may turn to services they use away from work, such as personal Dropbox accounts. Whilst you have to admire initiative, some of these services simply aren’t secure enough to be used for commercial purposes and sensitive business data.
The solution
The best thing you can do is to move your business to cloud services with guidance from an IT consultant. It’s important to make sure the cloud solution you choose is designed for commercial use and that you have all the necessary enhanced security features in place.
In addition to saving you money and improving business efficiency, moving your IT systems to the cloud enables you and your employees to work from anywhere at any time securely.
If the time isn’t quite right for you to switch to business cloud services, we recommend you always check with your IT provider or cyber security specialist before allowing your team to use a public cloud service.
#3 Open smartphones
Using a smartphone to catch up on emails or access the report with the figures you need can be a saving grace. But if that smartphone is also a personal phone, the one used to play brain-training games or to catch up with friends on WhatsApp, it’s easy to overlook the importance of making sure the device is secure.
The solution
This one’s simple: if a smartphone is used for business purposes, it needs to have a strong and secure password and shouldn’t be connecting to public WiFi for remote access into business systems.
#4 Avoiding updates
We’ve all fallen foul of accepting a quick Windows update that turned out not to be so ‘quick’, so it’s easy to see why your busy team may favour the ‘remind me later’ button. What they don’t realise is that many of these updates include important security patches. Leaving them uninstalled leaves a gaping vulnerability in your IT systems.
The solution
The best and most secure solution is to work with a Managed Service Provider (MSP). One of the many services an MSP can provide is patch management which ensures all updates are implemented in the background. This takes the pressure off your team and means updates and patches are implemented without interruption to their work.
#5 Social media access
A sandwich at the desk and Facebook on the screen is the scene in most offices come 12:30 pm. Whilst banning access to social media sites from PCs during breaks is not a pleasant thought, these sites do pose a real risk to your business security.
Masters of click-bait, many cyber criminals will use social media channels to redirect users to malicious sites and guide them to download unsolicited content, compromising your entire business network.
The solution
The only secure solution to this is to allow social media access during work breaks only via personal mobile devices using mobile data connections.
Jupiter IT Is More Than IT Support – It’s IT Consultancy
In addition to the suggested solutions in this blog, we are also firm believers in businesses providing all employees with cyber security awareness training. Many cyber security risks are easy to miss but with the right training, you can increase staff awareness and, in turn, your business security.
At Jupiter IT, we are recognised as cyber security specialists and are proud to hold the prestigious Cyber Essentials Plus certification. We use our expertise to deliver free, content-rich cyber security staff training for all our clients and can help them to gain accreditation too.
To find out more, drop us a line – we’re waiting to share our expertise with you.