Are Your Employees A Cyber Security Risk?

These days, businesses face a whole host of data security threats. Not only is the threat matrix constantly growing and evolving, but the attacks themselves continually grow in complexity and sophistication.

Some threats are easier to manage than others. With a robust toolset, backed by round the clock monitoring and rapid response teams in place to deal with potential incursions, you can defend your company from all but the most determined threats.

Unfortunately, all those data security measures can be undone from within, by the biggest security threat most business owners don’t see coming: Your own employees.

The simple truth is that your network is only as secure as its weakest link, and most of the time, the weakest link takes the form of your employees themselves. Here are just a few ways they could be unknowingly undermining your data security efforts:

They Don’t Know What They Don’t Know

Sans education about the most common hacking methodologies, your employees are essentially defenseless. Many of your best and brightest people may have no idea that some of the things they do on a daily basis are putting your company at risk.

• Opening email attachments from unknown and untrusted senders
• Giving out sensitive information over the phone or via email without confirming the identity of the person asking for it, and confirming whether or not that person is authorized to receive the information in question
• When traveling, connecting to network resources via free WiFi hotspots
• Using overly simplistic passwords
• And using the same password across multiple company network resources

They’re Easy Targets

Education is central to addressing these issues, but studies have shown that it’s not a ‘once and done’ process. Periodic refresher courses and reminders are essential.

The easiest way for a hacker to gain sufficient information to gain access to your network is via a phishing campaign. In fact, the security firm Symantec estimates that more than 70% of all targeted hacks begin with a simple phishing scam.

It’s almost laughably easy for a skilled hacker to create an email that appears to be completely legitimate, often appearing to come from a company that your firm has an ongoing relationship with. When an employee sees this email and recognizes the company, he or she will often send a reply with whatever information is requested, thinking that it’s routine.

Playing Fast And Loose With Data Storage

This is a much bigger issue than most business owners realize. These days, your employees are almost certain to take work home, so they can work during off hours. Unfortunately, the most common means of taking work home is to store sensitive company files on a completely unsecured flash drive they can simply plug into their home computer.

Sadly, it’s all too easy to lose track of those tiny drives, which means they can easily fall into the wrong hands, along with whatever sensitive corporate data might be on them.

What Can I do?

Any of the items mentioned above can render even the most robust security systems meaningless. Like it or not, your employees are certainly your single biggest security risk. The key to combating this internal threat is through constant and continuous education. Cyber security education must be a requirement for every employee in the organization.