used with permission from HP Technology at Work
Even if your business is using updated software, firewalls, and antivirus protection, your employees could create a cybersecurity risk. Common errors that employees at all levels make when using technology may prove costly—or even fatal—for your company. How can you best protect your business?
The risks employees pose to your cybersecurity are serious. Two out of three data protection and privacy training professionals say employees are the weakest link in their efforts to maintain cybersecurity, while 60 percent say employees aren’t knowledgeable about potential risks their companies face. With the cost of cybercrime on the rise (for smaller companies, the cost rose by 12 percent in 2015 compared to 2013), this kind of ignorance poses a serious risk to your business.1
Understanding what employee actions endanger your business is key to preventing them. Common causes of employee-related cybercrime include:
- Social engineering. The method used to hack Target’s point-of-sale systems, social engineering plays on employees’ trust to trick them into revealing sensitive information. Tactics include “phishing” (sending an email pretending to be from a vendor, bank, or other trusted source) or “vishing” (calling someone on the phone to obtain sensitive information).
- Insider cybercrime. Disgruntled current or former employees with access to your network can wreak havoc.
- Downloading malicious files. Employees may carelessly click on links or open email attachments containing malware.
- Ignoring or disabling security software. Employees may do this to speed up their computers, access forbidden websites, or install software for personal use.
- Carelessness. Thoughtless mistakes such as losing laptops or mobile devices, using weak passwords, sharing passwords with others, or not following security protocols can cause data breaches.
- Non-secured services. Employees may use public networks or non-secured cloud-based services such as Dropbox or Gmail to store data, share files, or access email.
With a full understanding of these risks, you can take steps to protect your business by training your employees to take cybersecurity seriously.
- Develop a policy for computer, mobile device, and internet use. Communicate the policy and emphasize that adherence is a factor in promotions and performance reviews. Offer incentives for compliance with the policy and for reporting security issues.
- Provide mandatory security awareness training for all employees (including executives). Topics covered should include social engineering, the importance of using strong passwords and keeping them secret, securing mobile devices, and safely using the cloud. Conduct training at least annually—more often if needed.
- Restrict employees’ access to sensitive data unless absolutely necessary. Monitor network use and require passwords be reset at least every six months. When employees or contractors leave your business, remove their access immediately.
Despite your best efforts, employees will still make mistakes. Safeguard your business against human error by using technology with native (built-in) security features such as:
- Remote device management lets you manage the security of mobile devices, lock and wipe devices, destroy data on hard drives if a device is lost or stolen, and automatically update or enable firewalls and antivirus software so they’re always current.
- Fingerprint sensor technology, used alone or with passwords, is more secure than passwords and doesn’t slow employees down.
- Full-disk encryption keeps data safe even if a device is lost or stolen.
- Data protection tools let you remotely audit, block, and override employees’ attempts to share data.
- Pull printing allows only authorized users to retrieve documents, lessening the risk of employees leaving sensitive documents lying on the printer for prying eyes.
By staying alert to the latest cyberthreats affecting your business, and following the best practices outlined here, you can help protect your business from a potentially devastating data breach.
 Ponemon Institute, Managing Insider Risk through Training & Culture