The Most Dangerous Things Employees Do Online
Human error is the primary cause of data breaches

Researchers from Stanford University and a top cybersecurity organization found that approximately 88 percent of all data breaches are caused by human error.
Just as the best locks in the world are worthless if you forget to use them, the best online security system can be thwarted quickly by a careless employee. Set policies and procedures so your employees understand the importance of online security and aren’t making any of these common mistakes that could result in a devastating security breach:
1. Opening e-mail attachments from unknown senders.
Everybody should know not to do this, right? And most people do. But no matter how often they are warned, some people still can’t resist opening an attachment or clicking on a link when they aren’t sure it’s safe.
2. Failing to watch for spoofed e-mails that mimic a known sender but that include a malicious attachment.
People rarely question a file apparently sent by someone they know, even though it may not have been requested or the reason for it isn’t explained adequately.
3. Installing unauthorized applications on company computers.
When employees install programs you don’t know about and haven’t approved, they are increasing the risk of exposing your system to malicious code and security failures.
4. Disabling security tools.
One of the problems with some security tools, such as firewalls, is that they slow a computer’s performance. Frustrated employees have been known to figure out how to turn off these tools, which leaves the system open to attacks. Employees also try to avoid or work around other security features, such as automated virus updates and requests to change their passwords, because they see these functions as annoyances that keep them from doing their “real” work.
5. Surfing risky sites on company computers, such as gambling and porn sites, other sites with objectionable content, and even music and shopping sites.
Such activities waste time, reduce productivity, increase the risk of a security breach, and may create a hostile working environment for employees that could lead to litigation and/or fines and other sanctions.

6. Sharing passwords.
Trusting employees may give a colleague, friend, or family member their password. Or, despite instructions on how to create and maintain secure passwords, employees will still use passwords that are easy for someone else to figure out and/or they’ll write their passwords down and keep them somewhere near their computers for easy access.
7. Using an unknown, untrustworthy WiFi network.
It’s easy for someone on the road to use the closest WiFi connection, perhaps at an airport or a coffee shop, but there’s no way to know for sure that those networks are safe and aren’t being run by a malicious attacker. Even if an employee is working offline in a public place but has a wireless card attached to his computer, there’s a risk a hacker could access the machine and even your corporate network. Wireless cards should be disabled whenever working offline in public places.
9. Filling out online forms.
Hackers use keyloggers and XSS (cross-site scripting) to steal sensitive data. People are at greater risk of being hacked when they use the same user name and password for most of the sites they visit.
10. Participating in chat rooms and social networking sites.
While business social networking sites allow people to post messages and maintain a potentially valuable online presence, they can put your information at risk.
This is an updated version of an article that was previously published at Entrepreneur.com and in The Entrepreneur’s Almanac and Protecting Your Business by Jacquelyn Lynn.






