Did you ever take home an office-owned pencil or pen, or maybe a couple of notepads? Overall, that is harmless. Organizations nowadays, however, are facing bad employee behavior, especially regarding cyber security. It has been found that nearly one-quarter of employees have shared their login information with a colleague, and out of this one-quarter, 14% of employees provide passwords to unauthorized users for as little as $150.
Shocking, right? It is the most common risky behaviors that pose a threat to IT security, and every day there seems to be something new in the headlines. Employees sometimes do not follow the organization’s cyber security guidelines and practices. However, sacrificing quality and security assurance is a mistake that a business simply cannot afford. So listen up and find out whether your employees have any bad security behaviors that are putting your business at risk. Some bad security practices are listed below:
No two employees should ever share the same login and password, because then the organization has no way to establish who did what and where. Each individual needs to be accountable for their own actions through their own unique account. Sharing accounts is never a good idea, especially if protected information is involved.
Social Media Sites For Personal Use
It is understandable that social media may be employees’ main means of communication with friends and family, even while they are at work. Still, there should be some restriction on social media usage; otherwise the organization can face data breaches, ethical issues and so on. It is therefore better for the organization to guide employees on social media etiquette. A study done by Blue Coat in 2015 found that 41% of employees use social media sites for personal reasons while on the clock. In addition to the potential ethics violations, there is a huge risk to the organization, as cybercriminals are waiting with malware behind shortened links, ready to deliver a fatal virus, and personal social media use at work gives them a way in.
Spam folders fill up quickly these days, so the best practice is to dump the contents in their entirety, and often. Do not wade through the folder opening items here and there; just dump it. Organizations should tell employees not to mess around in the spam folder too much: it is junk mail for a reason, and it poses a significant risk to the organization if an employee opens the wrong email.
Do Not Open Email Attachments Or Links
Hackers and malware writers are becoming more sophisticated in their techniques every day, and email is the number one way in which malware is distributed. These individuals rely on social engineering to infect computers. Employees should therefore use trusted file-sharing services as much as possible and turn down all other email attachments, or, before opening any email attachment or link, get confirmation by email from the sender that the sender sent it intentionally.
Don’t Bypass The Firewall
There is nothing more annoying than trying to google a simple phrase and being automatically rejected by the company firewall. It can be frustrating, but it is something that employees have to live with. If it is important enough, employees should put in a request with the IT department asking for access. The firewall protects the network from malicious traffic and alerts the network admin about it. Employees should not change the Internet policy that has already been set and put the company at risk of malware or interruption by hackers.
Do Not Install Apps And Other Downloads
Employee accounts should be secured and restricted from installing or launching unapproved applications, to guard against unnecessary security risks to the organization. That is why each organization should prepare an end-user policy. This is all covered in the BYOD policy set by the organization.
No matter how many safety steps an organization takes to ward off hackers, it still needs to encrypt email, either through its own program or through one of the services that will set it up at a very reasonable price. In the same vein, the organization needs to make sure its wireless network is encrypted, which becomes even more important if employees are doing any company work on their own devices. The company also has to enable encryption on its website if the site receives any data from outside.
Avoid USB Device
In the organization, employees generally use USB drives, which may be infected with malware; this can cause serious trouble and may infect the whole system. Another problem arises when an employee copies company documents from an organization PC to a USB drive: if the device is lost or misplaced, anyone can access them. On the other hand, if the data is wiped out, no one can get it back with a data recovery tool.
Employees need to learn positive security behaviors. The Blue Coat survey states that four out of every five employees engage in some form of risky online behavior while at work, despite being aware of the potential security risks. If employees understand the consequences in terms of cost and loss of trust, it may increase their motivation to improve their online behavior. That is why companies and organizations need to focus on training their employees.