We live in the world of knowledge workers. A world where what a company knows is far more valuable than what a company physically possesses, which makes Data Security one of the most pressing concerns for Big Business—despite most businesses being unequipped to deal with these dangers.
Here we’ll be covering three innocent mistakes that employees make, one less-than-innocent mistake, and how an enterprise can mitigate these dangers
1) Lack of Awareness Training
The truth of the matter is, your employees are probably not security experts, and they’re probably not equipped to recognize highly sophisticated social engineering attacks like Phishing and Spear-Phishing.
“Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication” (Phishing attacks and countermeasures”. In Stamp, Mark & Stavroulakis, Peter. Handbook of Information and Communicat Security. Springer).
In the past these were rarely successful due to poor spelling and grammar, however these days these attacks are often written grammatically correctly and may appear to becoming from within the company. Your employees may innocently be providing information to someone from another department whom they believe to have access to that information. This threat can be mitigated by making clear guidelines about what information is never to be shared via email or over the phone. (For example. the IT department will never ask staff for passwords.)
Imagine you’re an employee who’s noticed a security threat or may have fallen victim to a sophisticated phishing attack. Do you know who you would report to? The truth is that most companies don’t have clear accountabilities or hierarchies for reporting security threats. Make sure that vulnerabilities are patched well in advance and that the same mistake never happens twice by making sure that your employees always know how and where to report security lapses or vulnerabilities and feel safe and comfortable doing so. Even if they were the one to make the mistake. Remember, your staff are human, not criminals.
3) Dangers of “Bring Your Own Device”
Everyone wants to use their own device. We use it everyday, we’re familiar with it and can work much faster and smoother with equipment that we’re intimately familiar with. However this can lead to situations where employees are working on computer networks that may not be as secure as your enterprise network. (. All it would take is someone working on sensitive Intellectual Property while on a public Wi-Fi network for all of that data to be taken, and your client’s information potentially being compromised. Despite the possible productivity benefits be very wary with letting employees use their own devices for sensitive material, or make sure that your IT Department or cyber-security team is involved every step of the way.
Less Innocent Mistake…
I know I said that your employees are human, not criminals, but sometimes there are tough breaks and people make some rash decisions and decide to steal company property or information. The US Chamber of Commerce estimates that employee theft costs American businesses $20 to $40 billion per annum so this issue shouldn’t be ignored (“Employee Theft Still Costing Business” – Inc.com). This threat can be contained by making sure that there is clear internal infrastructure for reporting security concerns as discussed above, and making sure that disgruntled employees don’t have unbridled access to sensitive information.
WinMagic – Your Trusted Source for Data Encryption Solutions
Are you looking for ways to safeguard your company’s most valuable asset? Contact WinMagic today at 1-888-879-5879. WinMagic has been helping customers secure data through encryption since 1997.
Our products have won several awards, and we have five million clients in over 80 countries. Find out how our data encryption solutions can work for you and your business by speaking with a customer service representative.