What an employee may think of as an innocent task could result in a security breach. From copying files to a USB drive, using personal devices, or using the cloud (e.g. Dropbox, Google Drive etc).to store company data. Company information may be compromised and malware could be downloaded onto the organisation’s network.
Many employees need to gain access to multiple networks and will be required to change their password regularly. This can result in staff choosing weak passwords that attackers could easily guess and use to gain access to networks. Review your password to policy to make sure that it’s good enough and is relevant.
Businesses are now more prone than ever to phishing attacks. According to a government report a large wholesale business received approximately 340,000 phishing emails in 2016 . There are ways to spot a phishing attack to prevent employees falling victim. Train your staff so that they are aware of phishing and they can easily spot this type of cyber-attack.
Most of us have been guilty of browsing the web during work hours, but using a company device for personal use can cause risks. Some websites may be unsafe and malware can be downloaded without the user realising. Consider blocking certain websites to prevent damage to a business computer as well as stopping staff from looking at sites they shouldn’t be.
Employees may not realise that what they post on social media can be a threat to businesses. A member of staff may be tempted to take a selfie with colleagues during a charity cake sale day and be unware they have uploaded a snapshot of company documents that could reveal company financial information and other sensitive data.
An employee may also post about their company and their role within the organisation giving hackers the information they need to send a phishing attack on the business or steal the employees corporate identity.
Ensure that your policies and training are updated and actionable so that your staff are aware of the dangers of social media and that they use it in a safe way.
Some employees may purposely wish to cause harm to a business. This can be one of the biggest threats to an organisation. Staff can steal sensitive information, data, code and intellectual property. If you believe a member of staff is stealing company information or acting unlawfully this should be reported immediately.
How we help
The Security Bureau can assess your online exposure. This will reveal how your organisation looks from a hacker’s perspective and identify ways you can reduce risk. Find out more about our service here.
We also provide policy reviews and staff security awareness training that is designed specifically for you. See more information about staff awareness training here. Find advise for helping new starters with security awareness training here.