Hopefully by now you realize you need to keep a close watch over the security of your PC and other devices (or you’re smart enough to hire us to do it for you). Either way, cyber-crime is BIG business, and small business owners are seen as the low hanging fruit by attackers who are looking for easy-to-steal financial data, passwords and more.
But there’s a much bigger threat to small business data security that can not only leak your information out to the masses, but can also corrupt or erase data, screw up operations and bring everything to a screeching halt.
What is it? Surprisingly, it’s your employees.
Here are just some of the ways your employees could be compromising your business’s security and what you can do about it.
Human Error
When it comes to your network, human error is the number one reason that data gets deleted or corrupted, systems fail and viruses get through.
Most of the time, the threat is an innocent mistake. Someone accidentally deletes an important file, falls victim to a phishing email, or sends information to the wrong email address. Regardless of intent, employee mistakes can be costly for any small business.
The key to combating the problem is to expect mistakes and take actions to minimize their impact. For example, having a reliable cloud backup of critical files could save the day when important files are accidentally deleted.
It’s also important to educate employees about malicious viruses and malware that could impact your network. Establishing policies about what can be downloaded and from where can also minimize problems.
Carelessness
Excerpted from TrustWave
The most well-intended and conscientious employees can sometimes be careless. An example might be an employee that openly displays passwords for all their user accounts on post-it notes to make it ‘easier’ to login. Or employees who uses weak or repeat passwords for every account.
Some employees store sensitive files on public services like Dropbox, Evernote or Google Docs instead of the company’s secure file server because it’s easier or more convenient. After all, they just need to save something quickly and have every intention of copying the file to it’s rightful place when they return to the office in the morning. They figure, what’s the harm?
The key to handling carelessness is educational training and clearly established policies. Without them, employees may not truly understand the threat their actions represent.
Smartphones & Mobile Devices
Excerpted from TrustWave
Allowing your employees to access your network through smartphones and tablet devices has become all the rage. And for good reason. Employees who use their personal devices for work often get more work done and are able to collaborate or take conference calls outside of the office. Yet, despite the productivity gains, these devices can pose a serious threat to your business security.
Consider that many employees install unsupported software on their devices that could contain malicious content. Many also use public services like Dropbox, Skype, Twitter or Facebook to store or distribute company documents and information. In addition, smartphones and tablets are often lost or stolen. When these devices contain confidential company information, the threat to security is clear.
So what can you do?
A clearly established security policy regarding personal smartphones and mobile devices is essential. First decide how personal devices can and will be used and inform employees on your policies.
At a minimum, all devices should require a password for access. You’ll also want to make sure each device has anti-spam and anti-virus software installed and uses an approved operating system.
You may also want to setup software to remotely wipe a device in case it is lost or stolen and enable server-side security measures to restrict access to sensitive documents and information.
Malicious Acts of Revenge
Angry employees who haven’t gotten a raise or promotion they think they deserve can pose a serious security risk for your business. They often steal and post client data, financials or other competitive information online. In some cases, they sell the information. Other times, employees delete critical files to either cause harm or cover their tracks. And when it’s your clients’ data that gets stolen or compromised, you have a major PR nightmare to handle, aside from the costs and problem of recovering the data.
While you can’t predict what disgruntled employees are likely to do, you can make it more difficult for them to hurt your business and your reputation.
Start by only allowing access to the resources that employees need to do their individual jobs. Establish user accounts with multiple safeguards so employees aren’t in a position to access information they shouldn’t have.
Next, set up content filtering software to detect not only when employees visit inappropriate sites, but also if they delete or alter large amounts of data – key signs that something could be amiss.
Additionally, it’s worth a little bit of money to find a good employment attorney to help you craft various policies on using and accessing confidential information.
Finally, if something does go wrong, a cyber insurance policy can help protect your business from the cost of a data breach.
While most employees aren’t out to hurt your business, many of their actions can put your business’s security at risk. It’s important to take the right steps to minimize mistakes and safeguard your data and your network.
Need help implementing the right safeguards on your network? We’d be glad to lend a hand. Contact us today to discuss real solutions to safeguard your network!