Employees can be your most valuable asset — and your biggest security nightmare. Sometimes, they engage in risky behaviors without even realizing they are doing so. Taking work home, for example, might seem innocent enough, but it can put holes in your security defenses.
Here are five ways that your employees might be putting your business's computer systems and data at risk:
1. Using Personal Email Accounts for Work
Employees often use their personal email accounts to send company data. An Ipswitch survey provides some insights into why. It found that employees often use personal email accounts when their companies' email systems are too slow, do not allow large files to be emailed, or are difficult to access from outside the office.
If your employees are using personal email accounts for work, your business is more vulnerable to malware because the employees might not have anti-malware software protecting those accounts. Plus, you will not be able to monitor and store any business emails sent from employees' personal accounts. This can present problems, especially if your business must adhere to industry or government regulations that control how sensitive data must be handled.
2. Using Unauthorized Personal Devices for Work
Many employees use personal devices (e.g., desktop computers, smartphones) for work, often without their employers' knowledge. A Gartner study found that 45 percent of workers not required to use a personal device for work were doing so without their employers' knowledge.
Letting your employees use unauthorized personal devices to perform their jobs is risky. If the employees' personal devices are not protected by security software, cybercriminals might gain access to the company data on those devices. Plus, any malware that is present could potentially find its way to the computers in your business. Further, your company data could be in jeopardy if your employees lose the personal mobile devices (e.g., smartphones, laptops) they are using for work.
3. Storing Company Data in Unsanctioned Clouds
Employees sometimes put business data in unauthorized cloud storage services, such as Dropbox, OneDrive, or iCloud. While there is always the chance that employees are doing this for malicious purposes (e.g., data theft), most of the time it is done for other reasons. For example, it might be an easy way for employees to get data from their work computers to their personal devices. Or, they might store data in an unsanctioned cloud to get around file-size limits or file-storage quotas imposed by their employers.
If your employees are storing company data in unauthorized cloud storage services, it is impossible for you to protect and control that data. This can be particularly problematic if your business must adhere to regulations that govern how sensitive data must be handled.
4. Surfing the Web on Work Computers
Letting your employees surf the web on their work computers at lunchtime and during breaks might seem harmless, especially if you have plenty of bandwidth. However, if employees inadvertently visit a malicious website, their computers could become infected with malware. Plus, web surfing can hurt productivity if employees are doing it on the clock.
5. Using Unauthorized Applications on Work Computers
Many free applications are available on the Internet these days — and your employees might be installing them on their work computers. While some free programs are quite useful, cybercriminals like to offer free programs that are laced with malware. As a result, letting your employees download and install any program they want on their work computers presents a security risk. In addition, the free programs might create conflicts with the other applications on their computers.
Identify and Address the Risky Behaviors
Identifying and addressing your employees' risky behaviors is important if you want to keep your company secure. Here are some ways to do that:
Fix any problems that might be leading to risky behaviors. For example, if your employees are using their personal email accounts to send business emails because your email system is slow, you might consider upgrading or switching to a faster one.
Create policies that specify what employees can and cannot do. For instance, if you do not want employees installing unauthorized applications on their work computers, you need to create a formal policy that lets them know it is not permitted.
Put procedures and systems in place that employees can use to adhere to the policies you have set. For example, if you have a policy that states employees cannot install unauthorized applications on their work computers, you should implement a procedure that employees can follow to get an application authorized if they feel it would help them perform their jobs more effectively and efficiently.
Contact your IT service provider to find out even more ways to address employee behaviors that might be putting your business at risk.