The biggest IT security risk for a company is often its own employees
This is how you can mitigate against some of the main dangers.
CYBERSECURITY FOR COMPANIES is growing more complex and intricate than it was even a few years ago.
Digital technology has become intertwined with most companies’ day-to-day activities – from data storage to video conferencing and marketing on social media – so it has never been more important to have the proper security measures in place.
While there are a number of factors that can leave companies open to a cyber-attack, one of the most overlooked is the employees within the firm itself.
With that in mind, we look at some of the main IT security risks around workers – and how they can be mitigated:
Poor password practices contribute to the majority of a company’s security risks. In a recent Sailpoint survey, 65% of employees admitted to using the same password in multiple locations. While it seems like common sense to have a different password for different resources, it is often disregarded by employees. Some 32% of people admitted to sharing passwords with co-workers, according to the same survey.
Simple tips for creating a password include creating one that:
- Has at least 12 characters
- Includes a myriad of numbers, symbols, capital letters and lower-case letters
- Isn’t a dictionary word or combination of dictionary words
- Doesn’t rely on obvious substitutions, such as using the number ’0′ for the letter ‘o’
Companies can set up two-step authentication for any sensitive data, including the use of biometric data – such as fingerprints – in addition to passwords.
One worrying figure for firms is that 1 in 5 employees globally would sell their work passwords for sums as low as €50. This can be done through the Darknet and, by giving a hacker these details, it can grant them access to a whole corporation’s IT infrastructure, causing untold damage.
Organisations should consider linking trusted, registered devices to individuals and logins: this would help to cut down on the risks associated with password theft or password-selling.
Physical security of IT devices should also always be at the forefront of employees’ minds. When staff are going for a cup of coffee or lunch, they often leave their computers unlocked. This can allow anyone with access to their desktop to get access to files.
While simple, it is vitally important that employees log out or lock their screens when they are away from their desk. Mobile devices associated with a firm should never be left unattended in cars or public places.
It is becoming more regular for employees to also use their own accounts with cloud services such as Dropbox to access files away from the workplace. By doing this an organisation’s important files are often outside of a company’s control. An employer should look at encrypting all sensitive information with a security mechanism that makes it impossible to read the files outside of the organisation.
Another issue for a company’s IT security is when employees leave after termination. Often workers can still have access to corporate accounts, leaving it open for them to use sensitive data in their new roles. Companies should enable logging of database access, so it can be determined when, where and by who any particular piece of information was retrieved.
Proper training needs to be put in place by organisations when it comes to IT security. This training should run from top to bottom within an organisation. For example, many employees use their personal email accounts when sending sensitive company files, not realising the risk this creates for the company. Employees should be made aware of best IT security practices.
There is an ongoing clash between employees wanting the freedom to go about their work on mobile devices anywhere at any time, and organisations having adequate security mechanisms in place to protect their data. Employees should be encouraged to treat company data as they would like their own data treated.
Roisin Cahill is chief organisational officer and director at IT Force.
If you want to share your opinion, advice or story, email opinion@fora.ie.
