

5 Ways Your Employees are Putting Your Organization at Risk



Knowing your organization’s vulnerabilities helps you address your weakest links and reduce your risk of data breaches.

Enterprises and small companies alike are increasingly vulnerable to data breaches. But did you know that your employees may be the key to the security risks that leave your business susceptible to these data breaches?

In fact, employees accounted for 25 percent of data breaches in 2016. So, it's important to know the risk factors and how to prevent them.

Consider these five risky employee behaviors and the essential steps you can take to protect your company's and customers' data.

1. They're Accessing Sites That Aren't Secure

One of the most common security risks that leave businesses vulnerable to potential data breaches is when employees use company devices to visit websites that are not secure. These sites either lack a secure private connection or may be compromised.

When employees enter personal or private details, such as their passwords, names and addresses, that information is susceptible to being viewed or manipulated by a hacker or malicious code.

However, popular web browsers, such as Google Chrome, Firefox and Safari, have a standard security indicator, such as a security symbol, to help you identify whether or not a site is secure. For example, in Google Chrome you can check the address bar for a lock icon to determine whether you have a secure connection to a website.

The address bar in Google Chrome also indicates when a site is not secure by showing a warning sign icon followed by the text ‘Not Secure.’

To avoid these issues, have your IT department block users from accessing sites that are not secure. Also, turn off browser features that allow websites to track users' location and store what they do on the site, such as web browser cookies. Finally, teach your employees to recognize secure sites, for example by looking for the "https" text preceding the website address and by accessing sites with security certificates from trusted organizations.


2. They're Opening Phishing Emails

Phishing emails are an increasingly common entry point into a company's infrastructure and, thanks to employees, one of the most common gateways to cyber attacks.

Hackers send these malicious emails to employee work email addresses with the goal of manipulating users into taking an action that helps the hackers in their criminal endeavors. For example, a hacker may send you an email claiming that there is a login issue with your Google account and prompt you to click on a link to solve the problem.

Unfortunately, many users fall for this trick without checking where the email originates from and provide their usernames and passwords, giving the hackers full access to their accounts. However, training can play an essential role in keeping phishing email scams at bay.

The 2016 Enterprise Phishing Susceptibility and Resiliency Report revealed that active reporting can reduce the average time it takes for a security team to respond to a threat to 1.2 hours, versus the industry average of 146 days. Thus, it's crucial to include training for phishing scams. Consider training your team to identify these types of emails and redirect URL requests, and establish a procedure for reporting them.

3. They're Using Personal Devices to Do Business

When your employees use their personal devices for work, it can put your business at risk. That's because employees' personal devices often lack the same security measures that you have for company devices.

For instance, an employee's laptop may not have the latest security update installed or may be running a current version that is known to have a huge security flaw. At my software development company, Arkenea, we have a Bring Your Own Device (BYOD) program, where we ensure our employees' devices are equipped with the latest security patches and antivirus software. Alternatively, you can forgo this option completely and provide your employees with secure devices from the company.


4. They're Being Duped via Social Media

According to a report by the Pew Research Center, 34 percent of the 2,003 Americans surveyed in its study access social media at work to take a mental break. The issue with accessing social media from a workplace email account or computer is that hackers can easily disguise malware in the form of shortened links.

Also, hackers can easily disguise themselves as someone else to trick the employee into giving up valuable information. If an employee's social media account is hacked, your infrastructure can potentially be vulnerable to an attack, especially if your employees are using the same passwords for work accounts as for their social media accounts.

That's why it's important to ensure your employees are using long and unique passwords. Also, review workplace policies for accessing these types of sites on the job with your employees, and consider having designated computers that use a different connection than the company's private connections that employees can use during their breaks.

5. They're Storing Company Data Using Cloud Storage That Isn't Secure

While cloud storage makes storing information easy, it can put your company at risk if your employees are storing company data using cloud services that aren't secure.

For example, if an employee saves a company project on a public cloud storage system instead of the company's private cloud, they could risk sensitive data being hacked should a data breach occur.

Fix this issue by using a reputable cloud storage service and training your employees on how to access and store information using this private cloud storage. Also, teach your employees never to save any business-related information online unless the service is approved by the company.