Employees Do Not Understand why Policies Matter
It's important to educate employees and reinforce physical security measures to protect your company from insider threats. Often insider threats consist of well-meaning employees who make poor decisions involving security. A variety of mishaps take place at work.
Employees hold open the door for uninvited guests. They go against the security policies of the workplace because they are trying to be polite to others. Or perhaps they use a weak password (one that is easy for them to remember), ignoring the policy guideline.
Other times employees overlook security risks to be more productive. They do not follow the written policy in an effort to save time. An employee walks away from their desk to use the restroom without locking the computer screen or locking up sensitive documents. Another example is walking away from a copier or fax machine that is processing private information before retrieving the document containing the sensitive information.
Some employees are easily scammed by social engineering techniques. These targeted employees are often public facing and inadvertently give away information that could be used to gain access to restricted areas or to private information, all while having a friendly, casual conversation with a visitor. These employees are friendly by nature and may leak confidential information during a lunch break without even realizing it.
Another type of information breach occurs when employees fail to secure data that is no longer used. Failure to dispose of old records is one example. Clear a computer's data before disposing of it. Data shared with third parties must also be managed carefully.
Test Your Employees
Train your employees about security and then test their knowledge. The best way to test them is to present them with fake exercises. For instance, consider hiring a cybersecurity professional to perform a social engineering exercise at your company. Discover where the vulnerabilities lie in your employees' security behaviors and respond by reinforcing their education and adjusting policies where needed. Post a list of security best practices to remind your employees to make the right choices.
10 Best Practices to Include:
- Never walk away from your computer without first locking the screen. Do not leave sensitive documents on your desk when you walk away.
- Keep your data center locked and if possible, place a security camera nearby.
- Do not hold a locked door open for a stranger.
- Be cautious about the information you reveal during casual conversations.
- Properly dispose of computers or documents with confidential information.
- Carefully manage what information you share with others. Only grant access to various applications, confidential files and restricted areas of the building when vital to the work of the employees, partners or contractors.
- Enforce strong password policies and use multi-factor authentication when possible.
- Do not walk away from a fax machine or a copier while it is still processing sensitive information.
- Be cautious when sending emails with sensitive information and confirm that you are sending it to the correct party.
- Do not accept invitations on social media from people you do not know.
Failure to recognize and appropriately address insider threats in the form of well-intended employees could be a costly mistake. The safety of your company's sensitive information depends on the implementation and ongoing practice of security measures that engage all employees and create an overall security-conscious culture. Your employees are your greatest asset, but also your greatest point of vulnerability.