skip to Main Content
Employees Sitting Together Around The Table And Laugh

Common ways employees compromise security

Every organisation around the world is at risk of cybersecurity attacks, whether it is through data breaches, brute force attacks, or malicious email. It may come as a surprise to know your employees are one of the biggest risk factors for your company’s critical data being exposed to malicious actors.

While it is generally through lack of awareness, employees are very likely to be the target of cyber-attacks, particularly through emails which account for over 90% of data breaches.

This is why it’s so important to be aware of the risks to educate employees about security and protect your company.

Here are some common ways employees can compromise your business security:

#1: Public Wi-Fi

If your employees are working outside the office and connected to public Wi-Fi, there’s a chance they’ll be open to hacking. Public Wi-Fi hotspots are very easy to connect too so you should give this some thought. Most public networks are not secure and make you an easy target for hackers to access and steal business data which is then used maliciously.

When accessing public Wi-Fi networks, ensure you use a VPN or your cellular network.

#2: Password use

Sharing passwords with others, reusing the same password, or using weak passwords is an open invitation to malicious actors, who are becoming more innovative and using more sophisticated techniques to access this information.

Here are tips to make passwords less vulnerable:

  • Use passphrases, which are sentence-like strings of words, longer than passwords, easier to remember, harder to guess
  • Utilise a password generator
  • Enable multi-factor authentication for added security
  • Use a secure password manager to store passwords.

Passwords should be used on all devices your employees use to access business-related information, including mobile phones.

#3: Phishing email scams

Human error is one of the most common ways businesses are hacked, so it is extra important to make sure your employees are aware of threats such as phishing email scams. These attacks are posed as an email that appears legitimate, sent from a trusted source. The email will ask employees to complete tasks that reveal sensitive data, which is then stolen or used to extort money.

Make regular cyber awareness training available to employees so they can stay updated on new scams and be aware of the cybersecurity risks if they fall for phishing scams.

a cup of tea with elctronic accesories on a table

#4: Use of personal devices

With the rapid shift to remote working over the past few years, using personal devices for work purposes has been beneficial but it comes at a security cost. Personal devices can be more vulnerable to cyber-attacks, and may be sold or disposed of in an unsecure way. Connecting personal devices to your corporate network can increase the risk of malicious software being spread across the business.

Having the right cybersecurity measures in place and the right tools to facilitate the use of personal devices, such as Citrix or Microsoft 365 can give you confidence your employees personal devices aren’t a security risk to your business.

#5: Unauthorised cloud services

Many businesses use cloud computing options to enable employees to access and store data that facilitates their job. Using the cloud to store information is increasingly popular, due to its accessibility, efficiency, and flexibility. However, using services that haven’t been approved by the IT department to store business related data, such as Dropbox, is a disaster waiting to happen. Your business has no control over data stored in these cloud storage facilities. Using an approved cloud service for data storage and collaboration will reduce the security risk and encourage employees to be more aware of their behaviour.

#6: Using social media

Many employees will take a quick ‘break’ and surf the internet or check their social media while using their employer’s internet. This makes it more likely they’re going to access websites that contain malware or click-bait, which direct users to malicious websites to download harmful content. Many threats can appear without warning, as threat actors use more complex methods to infiltrate networks and systems.

The solution to this problem is to ensure your business systems are secure, install endpoint security on company devices, and ensure your employees are aware of the importance of using the internet safely and securely. Using the services of a managed service provider can also ensure your critical business data is kept safe. MSPs have advanced security expertise and solutions that monitor and detect threats, then respond and protect against attacks.

#7: Lack of security awareness

To be fair, most employees don’t set out to expose their company to hacking or data breaches, it is usually by accident resulting from a lack of security awareness these incidents occur. Implement cybersecurity awareness training across your business to ensure employees can be well informed about security threats and how they can take responsibility for reducing security risks.

Enhanced security measures for your business require advanced expertise and knowledge, which may not be accessible through your inhouse IT team. This is when partnership with a proactive, responsive IT support team who use a multi-layered approach to security is invaluable.

The security specialists at INTELLIWORX offer a range of comprehensive, tailored solutions to suit your business needs and allow you to focus on your goals.

Shane Maher

We passionately work on the IT Infrastructure of mid-tier businesses and support MSPs into cloud services. I have over 17 years of commercial experience that includes supporting and managing IT systems, developing infrastructure solutions, both onsite & in the cloud.

This Post Has One Comment

  1. When we decided to implement 2FA we received some negative feedback from several employees which said that this would make logging-in a hassle. After several days everybody was already onboard. Add to this regular cybersecurity training sessions and I can safely say we’ve covered a lot of ground.

Leave a Reply

Your email address will not be published.

Back To Top