Three Dangerous Employee Security Habits That Can Affect Your Business
When you think about data security for your business, the first thing you picture is usually an outside intruder. It might be a cyber spy from overseas or some kid in his parent’s basement hacking into your servers. However, the greatest threats are most likely sitting in your office or, these days, those people in the boxes of your video calls.
We’re not saying all your employees have malicious intent. The chances are that they would never do anything intentionally to hurt your business, most likely an attack is the result of poorly trained staff and failure to enforce cybersecurity policies.
Here are the top ways your employee’s security habits, especially those working remotely, can affect your business.
Falling Hook Line & Sinker for a Phishing Attack
Phishing attacks are getting more and more common. Phishers are getting more sophisticated with crafting emails that look legitimate, convincing untrained employees to install malicious software, share private information like passwords, or require them to log in to a website that looks official but really is just sending information to the scammers. This is where employee training really comes into play. Your employees probably think that there are many defenses already put into place to protect against outside threats, but with technology constantly evolving, so are hackers. Offering regular training to employees on detecting email phishing and testing your employees with staged phishing scams is the best way to know where your vulnerabilities are and how to protect against them.
Read more about how GTS can get your team off the phisher’s hook here.
Bad Password Habits
All it takes is one employee with a password like “123456” or “password” to give cyber-criminals access to your company’s sensitive data. That is why it is so important you have a strong and well-enforced password policy established with your staff. This policy should include making sure your employees are prompted to change their passwords four times a year and give each password specific requirements. These requirements can include a password with nine or more characters, a combination of letters, numbers, and symbols, and both upper and lowercase letters. It’s also crucial that the new passwords do not match any of the employee’s previous ones. We understand it can be inconvenient to change and memorize a long and complex password, but a password storage system, like the GTS Password Portal, can help. Our system offers tiered access for everyone on your team. You can store personal passwords in your personal portal and give access to shared passwords through a company portal.
Employee Access Free-For-All
No matter how much you trust your employees, it’s smart to set internal controls and limit each employee’s access to only the information they need for their job. Have your systems set up to log the information each employee accesses. It’s also a good idea to establish segregation of duties, preventing an employee from having too much responsibility. Finally, make sure you can revoke an employee’s access quickly if you suspect malice or misuse.
Most cyber threats against small businesses are preventable. While you can’t eliminate the possibility of a data breach, with the right security practices, you can reduce the likelihood of an attack and minimize the damage if one occurs. Give Grand Technology Solutions a call at (904) 606-6011 or email email@example.com for more information on getting set up with company-wide data protection. We’re ready to help!