These days, it seems like every other newspaper headline is about a major security breach.
As the workplace becomes ever more digital, cyber security threats are a viable concern for businesses.
While some of these threats come from outside sources, a staggering 55% of security threats start inside the company. Often these are the result of unsuspecting employees who don't realise that their actions are putting the company at risk.
The truth is that employees are the biggest cyber security threats to businesses today!
What are the reasons for this? And what can employers do to reduce the risk of cyber security breaches? Read on to find out!
7 Ways Employees Pose Cyber Security Threats
Many companies feel compelled to invest in pricey security tools to protect against outside cyber attacks.
While this is certainly a good idea, they should also make an effort to identify and correct internal security risks.
Here are seven reasons why your employees may inadvertently be putting your company at risk.
1. Insufficient Training
New employees are usually given a computer, a company email address, and access to the necessary applications to do their work.
But training on how to use all these tools often falls by the wayside. It's vital that companies provide detailed education to protect their employees and themselves from outside threats.
One training session during the hiring process isn't enough. Anyone serious about reducing cyber security threats knows that regular IT support is essential.
2. Weak Passwords
Shocking but true: The two most common passwords in 2016 were "123456" and "password."
This is probably because many workers opt for convenience over security. To be sure, creating and remembering many different passwords is annoying.
However, it's never a good idea to use the same password across more than one application. Employees should also refrain from using easy-to-guess passwords.
Both practises leave those accounts wide open to a security breach.
3. Carelessness with Emails and Web Browsing
This is probably one of the most common and most serious cyber security threats.
Who of us hasn't experienced, or at least heard of, a terrifying "reply all" blunder? Accidentally sending information to everyone instead of the intended recipient could spell disaster.
Another risk is opening email attachments. An unsuspecting employee may open a legitimate looking email and click on links or attachments. One wrong click could download malware that gives hackers access to sensitive data.
The same thing could happen when an employee is surfing the net for business or personal reasons. Without even knowing it, they could land on a compromised site that exposes your business to cyber security threats.
4. Shared Login Credentials
This is yet another trap of convenience.
It's understandable that sometimes colleagues need easy access to information. But a danger exists when they rely on shared credentials rather than personal logins.
In a recent survey, 65% of IT professionals admitted to sharing their logins with more than one user. This can leave the company vulnerable to a security breach.
Ideally, companies should assign every new employee a unique login. They should also give access only to necessary applications and software for the employee's position.
What if several employees need access to the same information, such as the company's social media accounts? In this case, use an SSO service to securely link shared accounts without revealing the password.
Usually, only the IT administrator knows the password. This makes it easy for him to add and revoke access as people join and leave the company.
5. Installing Unauthorised Programs and Software
After spending eight hours a day at their workstation, employees may start to view it as their own "personal space."
Many companies have policies against downloading unauthorised programs onto their work computers. This could include music streaming services or a file sharing tools.
Despite the rules, employees may see no harm in downloading such software anyway.
A company has good reasons to allow certain programs and applications, and not others. Not only does it ensure consistency in the office, but it also protects against malware and other cyber security threats.
If your IT team is unaware of such software, they have no way of performing proper maintenance on it. This leaves your company wide open to potential cyber security attacks.
6. Uploading Company Files to Cloud Storage
An employee who uploads files to Dropbox or Google Drive may have the best of intentions. Perhaps they're taking a project home to work on after hours or during the weekend.
These file-sharing services can be helpful because of streamlined communication and user convenience. However, they often lack in proper security protocol or compliance features.
Although the employee's motives may be pure, uploading work files to remote applications is risky business. It's vital that employees keep the company's best interests in mind. The best way to do this it is to avoid compromising any sensitive information.
A similar risk occurs with uploading company files to a mobile device, laptop, or thumb drive. These devices can easily get lost or stolen outside the workplace.
Placing sensitive information on their home computers can pose a security risk, too. The computer may contain outdated software, or the employee may be unaware that it's infected by malware.
7. Responding to Phishing Scams
This is another way an innocent employee could accidentally leak information to outsiders.
They might receive phishing communications via a phone call, fake invoice, or email. These requests for sensitive information often appear legitimate. This prompts the employee to respond with credit card numbers or account details.
By doing so, they unwittingly open themselves - and their company - to a breach of data.
Protection Against Cyber Security Threats
It's not possible to eliminate all risk of security breaches. However, a company that educates its employees against potential threats is one step ahead of the game.
Ensuring you have proper IT support is crucial, as well. At NSIS, we dedicate ourselves to providing the very best in IT support and cloud services.
We invite you to contact us with any questions or concerns you may have. We look forward to hearing from you!