Last week’s blog included tips on how to be proactive in your network security. One of those ways was to train your personnel. This week we will discuss why it is so important to have a trained staff. Here are five ways employees can compromise your data security.
- Inside Job
An inside job is the worst one to bring up, but we will just go ahead and get it right out of the way. Yes, sometimes your employees can be so mad about something that they will attack your organization from the inside. These attacks can be very hard to detect and can be very costly! According to a CNET article, insider attacks cost US businesses $40 billion in 2013 alone. While employees aren’t going to be attacking your systems while they are happily employed, be more aware of the 30 days before and after they leave. Be sure to close their email access, VPN access, and any other access that they might have. I don’t mean to sound cynical, but it’s better to be safe with your system than sorry you neglected it.
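One way to run the offboarding check described above, as an added example that is not part of the original post: it compares HR departure dates with account state and flags access that should already be closed. The user names, systems, dates and severity labels are constructed for illustration; real data would come from your HR system and directory exports.

```python
from datetime import date, timedelta

# The post's 30-day window, applied here to upcoming departures. After the
# departure date, any account that is still enabled is flagged regardless of age.
WATCH_WINDOW = timedelta(days=30)

# Constructed sample data: HR departure dates and per-system account state.
DEPARTURES = {
    "asmith": date(2024, 5, 1),
    "bjones": date(2024, 6, 20),
    "cwu": date(2024, 3, 1),
}
ACCOUNTS = [
    # (user, system, enabled, last_login)
    ("asmith", "email", False, date(2024, 4, 30)),
    ("asmith", "vpn", True, date(2024, 5, 9)),
    ("bjones", "email", True, date(2024, 6, 1)),
    ("bjones", "vpn", True, date(2024, 6, 2)),
    ("cwu", "file-share", True, date(2024, 2, 20)),
    ("dlee", "email", True, date(2024, 6, 1)),
]

def audit(departures, accounts, today):
    """Return (severity, user, system, reason) findings, most severe first."""
    findings = []
    for user, system, enabled, last_login in accounts:
        left = departures.get(user)
        if left is None:
            continue  # no departure on record for this user
        if last_login > left:
            # Worth investigating even if the account has since been disabled.
            findings.append(("critical", user, system, "login after departure date"))
        elif not enabled:
            continue  # access already closed and never used after leaving
        elif today > left:
            findings.append(("high", user, system, "still enabled after departure"))
        elif left - today <= WATCH_WINDOW:
            findings.append(("watch", user, system, "leaving within 30 days"))
    order = {"critical": 0, "high": 1, "watch": 2}
    return sorted(findings, key=lambda f: (order[f[0]], f[1], f[2]))

if __name__ == "__main__":
    for finding in audit(DEPARTURES, ACCOUNTS, today=date(2024, 6, 3)):
        print(*finding, sep="\t")
```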
- Unsafe Downloads
Employees can download anything to their workstations, and this can be extremely dangerous. It might be an app they think they need to complete their work, an attachment from an unknown email source, or a Trojan hidden in a torrent download. You’d be lucky if the infection were limited to their workstation, but that rarely happens. Usually, it spreads from their computer to the entire network. The most efficient way to keep this from happening is employee education. Make sure your people know what to look out for and continually remind them of current threats.
- Phishing
Phishing is unsafe downloads taken to the extreme. Hackers often imitate legitimate customers and vendors that your employees interact with every day. Once they have this cover, they simply ask for the information they want. It can come in the form of a phone call or an email, and they are usually excellent at pretending. Again, the best security measure against phishing attacks is having knowledgeable employees. Make sure they know the signs. You can also create a policy that requires all sensitive information given out to go through one person. That way, your employees won’t be tempted to give any of that information out; they can simply say that the person needs to talk to Mr. I.T. Director or whoever is designated.
- Not Following the Proper Password Practice
I talk about this one a lot, but it is important to have a hard-to-guess password. Your password should have uppercase and lowercase letters, plus numbers and symbols, to make it hard for hackers to guess or crack. Also (and I know you don’t want to hear it), you should change your password on a regular basis to make it the most secure. All it takes is for one person in your organization to set their password to “password” or “123456,” and it’s easy street for any hacker looking to gain entry. Make sure to set your network preferences to REQUIRE your employees to change their password every three months and have it not match any previous password choice.
- Access Issues
Make sure your employees only have access to things they NEED. This is not just because they might get into documents that are confidential; if they open those documents, they have a cached copy on their workstation. Having this copy on their workstation gives a hacker another way to access sensitive material. Other downsides of access to everything are the possibility of deletion, accidental email attachment, or compromise of the data. It is best to make sure your files are locked down and only accessed by those individuals who require it.
The most important takeaway from these key methods is to talk to your employees and train them on what you expect and why. Telling people to do something doesn’t always work. It is much better to explain WHY they need to follow these simple rules and let them know what could happen if they don’t. Getting hacked is no fun, and can cause numerous hours of downtime and lost productivity if it occurs.