[BreachExchange] 4 Ways Your Employees Are Threatening the Security of Your Business

Audrey McNeil audrey at riskbasedsecurity.com
Thu Dec 21 18:53:35 EST 2017


https://www.smallbizdaily.com/employees-threatening-security-business/

Your employees are the lifeblood of your business and may be among the most
trusted people in your inner circle. However, regardless of how trustworthy
your employees are, when they remain uneducated about digital security
threats, they can negatively impact the safety, security, and profits of
your business. In fact, the most recent data suggests over 33 million
records have been accidentally compromised since 2005—with over 1 billion
records compromised in total.

To help you keep your company secure, this article will identify four areas
where employees can negatively impact the security of your business, and
what employers can do to prevent breaches.

1. Avoid Internal Employee Theft

Did you know that 68% of small businesses fall victim to employee theft?
While it’s easier to quantify cash losses, it’s important to remember that
digital employee theft is also a potential risk. This means any digital
technology or sensitive information your employees have access to is at
risk.

To protect your agency from employee theft, you have three main security
options. The first is to create an Acceptable Use Policy for your
employees. This step will help educate your employees about what is and
what is not appropriate internet behavior and device use at work. Spell out
the risks and responsibilities to employees so they clearly understand how
to hold up their end of the deal.

For additional security, use a monitoring software. With a monitoring
software, you can monitor and record employee screens, take screen shots,
check email, and look into internet history for certain keywords and file
types. Finally, you also need security cameras to monitor employee activity
that happens off screen.

2. Protect your Clients from Identity Theft

The recent Equifax data hack is a reminder that keeping confidential
documents safe at work is mandatory. The first way to keep your documents
safe is to specify what types of devices may and may not be connected to
your network, and then set up precautions so rules can’t be broken. For
example, it’s easy to disable USB ports and CD drives on all company
computers. This will ensure no internal staff can connect and download
information via external devices.

Additionally, if your firm has sensitive client information on hand, you
may want to set up a firewall to block access to any cloud storage sites
like Google Drive or Dropbox. You can also lock down networks to prevent
unauthorized Bluetooth and Wi-Fi access.

Not all identity theft happens internally, so you need to also make sure
your network, data, and online usage is secure. You can secure your network
by making sure employees set strong passwords, you change the default
security settings on all equipment including routers, and that you access
the internet only with an HTTP connection.

3. Keep Malware Downloads at Bay

Not every employee understands the ins and outs of internet scams, and they
may accidentally download malware. This threatens digital security and can
threaten the security of your business. To prevent malware downloads, take
the following precautions.

First, take the time to educate your employees about how malware gets
downloaded. Educate them on all internet scams, the dangers of opening
strange attachments and unsolicited email, and other methods hackers use to
gain sensitive information. Knowledge is often your best form of protection
from malware, and it’s up to you to help educate your employees.

Hackers are getting more and more creative, so to stay ahead of the curve,
you also want to make sure you update your IT systems regularly to ensure
you are protected from malicious internet content. This means updating
antivirus software and patches regularly rather than once or twice a year.

To take security a step further, invest in the best antivirus software. In
other words, find a software that filters and blocks malicious content for
you. That way, you won’t have to worry about employees downloading content
they shouldn’t.

4. Enhance Your Social Media Security

When you think of digital security, it probably conjures up images of
cybersecurity, malware attacks, and hackers. What you might not immediately
think of, however, are attacks to your brand on social media. The character
and reputation of all businesses remain vulnerable on social media, and
it’s important to train your employees to keep a lookout for potential
threats to your brand.

To keep your brand secure, hire an employee to keep an eye out on social
media for fake accounts that purport to be your brand. For example, if you
don’t have a company Twitter account, and your employee notices that a
Twitter account claiming to be you pops up, take action to suspend that
Twitter account.

Along the same lines, it’s wise to hire an employee to handle online
reputation management. Their role should include managing your social media
profiles, addressing negative reviews, managing customers service
complaints, and staying on the lookout for brand imposters.

Remember hackers posing as you on social media isn’t the only social media
security threat. When employees use social media at work, it acts as
another potential gateway for hackers to access your system. To avoid
security breaches, limit access to social networks, monitor social activity
at work, or even institute a policy where you prohibit employees from
accessing social networks from work computers.

Wrap-Up

According to the 19th Annual Global CEO Survey, 61% of CEOs worry about how
the cyber security of their company will impact growth, and it’s with good
cause. As you can see, there are several ways employees can impact the
security of your company, whether or not they intend to invoke harm or not.
As a business owner, it’s important to teach your employees about security
and safeguard your business from internal and external threats. You can do
this by incorporating the advice listed above.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20171221/06d3ec87/attachment.html>


More information about the BreachExchange mailing list