7 Ways Employees Put Your Company’s Data at Risk

Sponsored by Bitdefender

By Rieva Lesonsky

It makes sense that the Sonys and Targets of the business world are marked for ruin by cyber hackers—there’s important data to steal and thousands of entry points to get into their systems. Data theft could never happen to you, right? The truth is, hackers look for the weakest links in any organization, and that usually means the employees in a company—no matter that company’s size.

According to the 2015 Cyberthreat Defense Report by CyberEdge Group, low security awareness among employees is the biggest factor hindering businesses’ defense against cyberthreats, followed closely by insufficient budgets for cyber security. Your employees are probably compromising your business’s important data right now and don’t even realize it.

The solution is to educate your employees on how breaches occur and how to avoid exposing valuable company data. Following are the top ways employees are putting your small business data security at risk, and tips for how you can remedy the situation.

  1. Data in motion: Well-meaning employees wanting to send business documents to a home computer to work on over the weekend could be exposing your company to big trouble. Home computers, typically used by the entire family, generally have fewer security measures in place than business computers, and who knows what malware may be lurking inside? If you’re going to allow employees to work from home, make sure they have dedicated work computers and that data is encrypted when it’s sent back and forth via email.
  2. Mobile devices: The same rules apply for data accessed on employees’ mobile devices such as smartphones and tablets. The best way to reduce risk is to issue a company-purchased and company-managed device to each worker. Install mobile device management software to safeguard info in transit and if the device is lost or stolen.
  3. Email: Most employees should know by now not to click on suspicious links in email, but you’d be amazed at clever and persuasive some cyber criminals can be. Set up an email policy for your business that includes not opening email attachments from unknown sources, having employees look up links instead of clicking on them, and deleting emails with attachments within a certain timeframe.
  4. Thumb drives and other add-ons: How easy is it to lose a thumb drive? If you ban the use of removable media, you reduce the risk of important data falling out of someone’s briefcase or pocket. Likewise, laptops and tablets can be easily stolen or lost. Make sure all information is encrypted and stored in the cloud so it cannot be accessed by whoever finds the device.
  5. Passcodes: It’s likely your employees use the same passcodes on their personal devices as their work devices and might even give their passcodes to family members and coworkers. Develop a password policy that requires changing access codes every 30 days. Invest in a password management program to create complex passwords, encrypt and store them.
  6. Non-work-related apps and websites: You don’t want to come across as Big Brother, but on the other hand, you need to make sure employees aren’t going to risky websites or downloading programs on their computers that could compromise your data security. Set up controls for work computers and devices, and block non-work-related file-sharing websites.
  7. Malicious acts by employees: You may not believe your employees could purposely allow your company’s data to be accessed, but it happens all the time. Whether the employee wants to steal some of your customers for a personal endeavor, or has a long-festering disagreement with your company, make sure you have security processes in place to safeguard all data coming and going from your company, and change access codes whenever an employee leaves your company—either willingly or unwillingly.

Even with your best efforts, employees are going make mistakes. To prevent this from hurting your business try Bitdefender GravityZone Advanced Business Security, which protects workstations, servers and mobile devices.

Photo Credit: DigitalVision/Thinkstock