BreachExchange mailing list archives

5 Ways Your Employees Are Unintentionally Sabotaging Your Data Security


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 11 Nov 2015 19:54:27 -0700

http://www.entrepreneur.com/article/252683

In today’s world of cyberattacks and data breaches, it can be difficult to
know what software and which people to trust with your company’s most
sensitive information. Unfortunately, it’s not only people with malicious
intent that you have to look out for. Your employees, even the ones that
only have your company’s best interest at heart, may unintentionally be
making a series of critical mistakes that could put your data security at
great risk.

Below are five ways that your staff might be inadvertently sharing
confidential information:

1. Stepping away from their workstations.

Any time that an employee steps away from their workstation, especially if
they have data programs open on their desktop, they are making your data
accessible to anyone that may be in the room. This is particularly
dangerous if you have employees that work remotely, like in public coffee
shops, or if employees working in the same office have various levels of
data security clearance. To avoid this mistake, make sure that data storage
and management programs automatically log users out after a small period of
inactivity and teach employees to always log out of their programs when
leaving a device unattended.

2. Not using two-factor authentication for passwords.

One way to avoid unwanted eyes cracking employees’ passwords is to employ
two-step authentication. For example, when an employee sets her password a
numeric code is sent to the employee’s smartphone. This code must be typed
into the software in order for the employee to access the data. Typically
the device you are accessing the software from is "remembered" so that the
employee does not have to go through the process every time they log in.

3. Sharing files via email or another collaboration tool that doesn’t limit
access.

Your employees may think it’s harmless to share information via email or
through collaboration networks such as GoogleDocs and Dropbox, especially
when the communication is with trusted colleagues. However, these programs
are not always secure, and there’s nothing stopping someone from sending a
document to a third party or additional unsecure program. It’s important to
explain these dangers to employees and make sure that email and other
insecure data-storage solutions are only used for information that can be
shared with the public.

4. Saving documents to the wrong destination

Everyone makes mistakes. If your employees accidentally save a document to an
incorrect destination, and the destination is unsecure, you could be in
trouble. To avoid this mistake, encourage employees to create two laptop
log-ins. When working with sensitive information, they can log in to one
profile where all programs and folders are secure. And to communicate via
email, social media, etc., employees can switch to a new laptop profile.
Additionally, make sure that all employees know never to save anything to
their desktop as it is especially unsecure and the data can be lost if a
laptop is damaged.

5. Accessing files from non-secure devices.

This is a tricky one. We all juggle between our laptops, tablets and
phones, replying to personal texts while handling work emails. While it’s
great to know that your employees are dedicated to work and want to check
emails in the evening or at lunch breaks, it’s important to talk to them
about which devices run security software and which do not. Explain to
employees that they must use only work-approved devices for work-related
communication, especially when sensitive information is involved.

The key when it comes to employees and data security is education. Make
sure that your employees are crystal clear on what information is sensitive
and what can be shared. Teach your employees how to use data security
software and discuss how to protect against common mistakes. If everyone
understands what is at stake and feels confident in what needs to be done
to protect the company’s data, you will greatly lower your risk of a data
breach.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
