Your company's security system is only as secure as its weakest member, and according to a recent report released by PWC, this can seriously affect your bottom line.
The report stated, “Financial impact may include decreased revenues, disruption of business systems, regulatory penalties, and erosion of customers.” It goes on to include an even longer list of ways that your business loses when it's not secure.
In many cases, these security breaches are caused by employees. The good news is that you can take measures to make sure that your employees aren't doing anything that could allow for security breaches.
Here are some things you need to look for to find the weak links in your security system and make them strong.
Problem #1: Unauthorized Software Downloads
Also known as “shadow IT,” this is when an employee downloads unauthorized software to their company computer.
Although these programs have seemingly innocent purposes, such as watching videos or listening to music, many of them contain malware that can infect the employee's computer and any other networked computers and collect information on your company, which can then lead to a security breach.
Solution: Implement and enforce a strict policy regarding software downloaded from the internet. Every employee must check with IT before downloading any additional programs to their computer.
Problem #2: Passwords Aren't Strong Enough
Whether it's laziness, an unawareness of the importance of strong passwords, or an inability to remember complex passwords, many employees need to create stronger passwords to avoid hackers getting into your network with their access keys.
Strong passwords need to contain both upper and lowercase letters as well as numbers.
Solution: A great way to create a strong password that contains these is to form a sentence, then use the first letter of each word to form a difficult-to-guess password. For example, “I want to have a picnic on July 4th” becomes “IwthapoJ4”.
Problem #3: Former Employees Can Still Access Accounts
Imagine if you allowed an employee to keep the keys to the office after letting them go. It's the same when you don't change the passwords on computers and other accounts after an employee leaves.
A recent study shows that up to 23% of employees are willing to steal information from their company while employed, and that number can only go up with a disgruntled former employee.
Solution: Be sure to change every password as soon as an employee is terminated. That includes their computer and email accounts, and their voicemail password.
Problem #4: Employees Using Personal Computers for Storing Work Files
Many companies now use “clouds” to allow easier access to and sharing of files. While there are many advantages to cloud computing, one big disadvantage is that employees can download files with sensitive information onto their own personal computers when working from home. They probably don't have the same level of protection at home as you do in your IT department, which leaves those files at risk.
Solution: Do not allow employees to download any information to any computer other than their work computer. If it is necessary for them to take work home with them, you may consider providing them with a laptop that is protected the same way as your work computers.
Problem #5: Social Engineering Can Lead to Stealing or Guessing Passwords
There are several methods that hackers use to steal passwords of employees to gain access to your network. One way is simply visiting your office and looking for passwords that employees may have posted on sticky notes near their computer or in their top drawer.
Another method is social engineering, which involves a hacker calling an employee and getting personal information from them that can help the hacker guess the employee's password.
Solution: Do not allow employees to keep passwords in written forms where they are easily accessible. If necessary, they may be able to create a hint or code for themselves, but even that should be kept hidden. Additionally, you should not allow your employees to give out personal information over the phone.
That’s it for now,
Thank you for taking the time to read this post. I hope it has helped you better understand how to improve your cyber security efforts. If you have any questions or would like to schedule a free consultation, please get in touch.
See you again soon!