4 Ways Employees Compromise Security (And How You Can Solve Them)

In a perfect world, employees would have great cybersecurity habits. They will make sure never to place their company’s data or network at risk.

This isn’t a perfect world, though. Although office workers can be trustworthy and loyal, a lack of IT policies and occasional carelessness could cause a harmful data breach that can ruin your business reputation and shutter your company.

How can employees compromise their enterprise data security?

Here are four ways they can put your sensitive private and customer data at risk:

1. Insider Malice

No business manager or owner likes to think that their trusted business partners or the people on their team have it out for them. Sadly, a few bad apples can sometimes get past human resources or talent acquisition. The worst part is that malicious insider attacks are incredibly difficult to detect.

You can prevent or mitigate insider malice by getting to know the mind of your attacker. Put yourself in the shoes of a dissatisfied worker looking to take down their employer. You probably wouldn’t launch an attack while you’re using the company computer and still on the corporate payroll.

You would, however, be likely to launch a cyberattack a few days before or after your last day. If you still have your company e-mail and VPN login (and they still work), you could get into your ex-company’s servers from the comfort of your home.

Start by limiting privileged access to sensitive data, such as intellectual property, personally identifiable information and customer details. Then, immediately revoke the access rights of employees who resign or leave your company without notice. And remember to dispose of drives you’re no longer using, these can be used for malicious scams or cause consumer privacy breaches. It’s always best to employ a hard drive destruction service to ensure the data is gone.

Also, try getting cloud software that can back up and protect your data. You could, for instance, purchase and download an Office 365 e-mail backup solution to make sure that your e-mail data stays protected and is easily recoverable in the event of a cyberattack or a security threat.

2. The Use of Weak or Lazy Passwords

According to a report from PCMag, the top three common passwords for 2020 are picture 1, 123456789, and 123456. These passwords are so laughably insecure that you’re practically rolling out the red carpet for hackers and other cybercriminals.

When you have employees adhering to poor password practices, you need to create and implement a strong password policy to prevent an enterprise data security disaster. Make sure your workers receive a notification to change their passwords every quarter. What’s more, the new password must adhere to the following requirements:

• It shouldn’t match the previous passwords.
• It must contain at least nine characters (the longer, the better).
• It needs to include a combination of symbols, upper- and lower-case letters, and numbers.

Changing and memorizing a long, complex password can be highly inconvenient for some employees. One trick to creating this kind of password is to learn a sentence only you can identify.

Take this sentence as an example: “My best friend munches a batch of French fries.” Turn that into an acronym, and you’ve got: MbfmabofFf. You could turn the letter “o” into a zero, then add the birth date of your best friend (or whatever special number you feel like adding). Finally, start or end the password with a symbol.

3. Web Surfing

Office workers often use the company’s internet to surf the web during lunch breaks or downtime. If your tech staff doesn’t protect and configure your systems properly, employees may come across websites with malware, which can cause machines and other devices to become infected.

As a business owner or manager, you can restrict access to specific sites that your company or tech team determines as dangerous or inappropriate. Although this tactic works well for well-known and distinctive destinations, it may be time-consuming and complex to administer.

If you insist on this strategy, make sure to supplement it by securing systems with anti-spyware and anti-virus software. What’s more, train your employees on the value of staying careful on the web.

4. Malicious E-mail and Phishing

Fraudulent e-mails can destroy your company’s IT and network security, as well as compromise your data. They may contain harmful attachments, codes, or links that give cybercriminals access to devices and data.
You can stop these malicious e-mails from harming your business by educating your workers about recognizing suspicious e-mails.

A few of the red flags they should look for include the following:

• Offers and promotions that are “too good to be true.”
• Unwarranted technical or customer support
• Popular companies have deceptive URLs and misspelled names, such as Amazon.com.
• Unsolicited or suspicious downloads or attachments.

You hired your employees to help grow your business, not destroy it with poor cybersecurity practices. Implement strict IT policies and use the right tools that can protect your organization from criminals.