As a business owner, you understand the importance of being cautious with your valuable and confidential information. Unfortunately, the security of data and files does not lie solely in your hands.
Although your employees may be loyal and trustworthy, occasional carelessness or lack of IT policies could cause a harmful data breach.
It happens all too often: As of January 2020, at least 7.9 billion personal records have been exposed in data breaches since 2019.
Even if it’s not intentional, your employees might be putting your business’ IT security and private data at risk. Here’s how.
1. Not Protecting Devices
If employees have access to company information on their devices, it is crucial they keep them protected. From laptops to tablets to smartphones, each should be password protected, with multifactor authentication wherever possible.
In addition, employees should get creative when selecting passwords, and ensure they are:
- Complex and difficult to guess
- Unique per system or service
- Changed occasionally
Reinforcing the importance of using strong passwords decreases the risk of employees’ devices getting hacked.
2. Using Public Wi-Fi
Public Wi-Fi connections may be unencrypted, meaning data may be vulnerable to interception by anyone within range. It is also possible to inadvertently connect to a “rogue” access point that can capture your data traffic, redirect you to malicious websites, or inject harmful instructions that may be executed by your computer while browsing.
If employees need to access company resources via the public Internet often, invest in a Virtual Private Network (VPN). VPNs add extra protection to devices, allowing users to retrieve resources from your company network without physically being connected to it. They have the added benefit of encrypting traffic between the computer and the VPN server, improving security while devices are connected to Wi-Fi or other remote networks.
3. Phishing and Malicious Email
Fraudulent emails can cause great damage to your company’s security through the use of harmful attachments, links or direct requests. Phishing emails often contain “obfuscated” links that appear known or safe to the user, but once clicked, may allow cyber hackers access to devices and data.
Educate employees on being cautious with emails. Red flags to look for include:
- Popular companies with misspelled names or deceptive URLs (i.e. www.disneywor1d.com).
- Suspicious or unrequested downloads or attachments.
- “Too good to be true” offers and promotions.
- Unwarranted tech support.
4. Surfing the Web
The truth is, employees often use your company’s Internet to surf the web during downtime or lunch breaks.
If systems are not protected properly, employees may stumble upon websites with malicious software (“malware”), causing machines and devices to become infected.
For years, companies have blocked access to specific sites that they determine to be inappropriate or dangerous. This strategy works well for specific, known destinations—but many of today’s threats appear without warning, prompting some to adopt what is known as “whitelisting,” allowing access only to preapproved sites. This approach can be complex and time consuming to administer, but is expected to become more popular as threats to data security grow more advanced.
Secure systems with commercial antivirus and anti-spyware software, and teach employees the value of being careful on the web. No form of entertainment is worth risking the security of your business.
For even more protection, consider partnering with a managed network services (MNS) provider, who can assist with advanced solutions like managed firewalls, Unified Threat Management (UTM) products and proactive network monitoring.
Are your employees keeping your company information secure? Learn how business security solutions can help.