Employee Mistakes That Risk Information Security

With the introduction of computers and IT-based mechanisms in offices around the globe, the overall work procedure has become simpler and swifter than ever before. However, a number of companies have paid a huge price for the development and growth of the IT sector during the past few years. At times, employees commit security mistakes or slips that could otherwise have been easily avoided. The organization hardly has any choice but to give employees all the required access to its systems. Due to poor training, complacency or a general lack of awareness, employees end up being the favorite target of social engineering attacks and hacks. This article covers the most common information and data security mistakes and slips which your employees might well be committing.

Take a look at the 11 information security mistakes employees make:

  1. Using common passwords
  2. Recording confidential information on sticky notes
  3. Ignoring physical security of the hardware
  4. Issues in managing crucial documents
  5. Access card management issues
  6. Unauthorized application use
  7. Intentionally disabling security features
  8. Granting unnecessary user privileges
  9. Falling for phishing
  10. Poor awareness of social engineering attacks
  11. Poor mobile security

1. Using common, weak or axiomatic passwords

The first and most common mistake employees might be committing relates to the login passwords they use to access the database. The IT team provides a username and a default password to grant a particular user access to the database of the business.

However, the default password has to be changed as soon as the user gets access to the given database. If the user fails to update the password, the chances of the password being something common like ‘password@123’ or ‘username@123’ could be very high. It is, therefore, important to avoid weak or common passwords.
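One way to enforce this at password-change time, as an added example that is not part of the original article: the check below rejects an unchanged default, passwords derived from the username, and common words with a predictable suffix such as ‘@123’. The function names, the small `COMMON_BASES` list and the 12-character minimum are assumptions made for illustration.

```python
import re

# Constructed sample list for illustration (assumption); a real deployment
# would load a much larger list of known-common passwords.
COMMON_BASES = {"password", "welcome", "admin", "qwerty", "letmein", "changeme"}

# Undo common character substitutions before comparing ("p@ssw0rd" -> "password").
LEET = str.maketrans({"@": "a", "0": "o", "1": "l", "3": "e", "$": "s", "5": "s"})

MIN_LENGTH = 12  # assumed policy value, not taken from the article


def _core(value: str) -> str:
    """Lower-case, strip trailing digits/symbols, then undo substitutions."""
    stripped = re.sub(r"[\W\d_]+$", "", value.lower())
    return stripped.translate(LEET)


def password_problems(username: str, new_password: str, default_password: str) -> list[str]:
    """Return the reasons a proposed password is rejected (empty list = accepted)."""
    problems = []
    if new_password == default_password:
        problems.append("default password was not changed")
    core = _core(new_password)
    user = username.lower()
    # Catches 'username@123' style passwords and simple variations of the username.
    if user and (user in new_password.lower() or _core(username) == core):
        problems.append("password is derived from the username")
    # Catches 'password@123' style passwords: a common word plus a suffix.
    if core in COMMON_BASES:
        problems.append("password is a common word with a predictable suffix")
    if len(new_password) < MIN_LENGTH:
        problems.append(f"password is shorter than {MIN_LENGTH} characters")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs; "Welcome@1" stands in for the IT-issued default.
    for candidate in ("Welcome@1", "password@123", "jsmith@123", "correct-horse-battery-staple"):
        print(candidate, "->", password_problems("jsmith", candidate, "Welcome@1") or "accepted")
```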

2. Keeping confidential information on sticky notes

Have you ever noticed an employee’s computer monitor covered in sticky notes scribbled with a lot of data? An illustration is provided below:

Risks of Storing Confidential Info on Sticky Notes

 

The next time you get a chance to look closely, try to notice whether the worker has written down any confidential information like bank account details, passwords, ATM PINs or any other crucial bits of data which could be exposed for everyone to see.

3. Ignoring physical security of the hardware

Passwords and encryption-related issues are important. Besides these, however, the physical security of the hardware and machinery installed within the organization should also be kept in mind. Employees could leave their laptops, flash drives and other devices within everyone's reach. A hacker could try to gain access to the system by making use of a keylogger device if employees have the habit of leaving their desks without locking the system.

4. Issues in managing crucial documents

Even if the documents do not have passwords printed on them, forgetting them on the printer or elsewhere in the organization makes snooping into confidential information very easy.

5. Access Card Management Issues

Access cards are issued to employees to ensure smooth movement across different parts of the organization, some of which could be restricted areas. An employee could leave the access card on the desk or in a drawer. It is difficult to imagine the magnitude and outcomes of this error.

6. Unauthorized Applications’ Use

The use of tablets, wearable gadgets, and mobile phones by employees can easily compromise the security of your business’s data. Some companies have a policy of banning such applications at the workplace to ensure the security of data.

7. Intentionally Disabling Security Features

Circumventing or disabling the security features in the company’s systems, and using insecure mobile devices, including laptops, smartphones, USB devices, and tablets, could lead to malware infections on the computer systems.

8. Granting Unnecessary User Privileges

Privileges should be granted only to users who have a decent track record of responsibility and who can accomplish the given tasks. Excessive user privileges like explicit rights could lead to security breaches.

9. Falling for Phishing

Phishing websites have the ability to attack the entire system of a company, and employees commonly fall for such activities, thereby risking the entire network security system of the organization.

10. Poor Awareness of Social Engineering Attacks

Hackers keep coming up with sophisticated and intelligent methods of fooling employees into handing over confidential data by attacking the human element, and hence the company could find such attacks extremely difficult to prevent.

11. Poor Mobile Security

At times, employees could ignore basic mobile security features, and the use of phones and other devices at the workplace could lead to a compromise of security.

The mistakes pointed out in the course of this article are common but avoidable. ProcessVenue provides assistance to your business in implementing policies and adds value to the encryption and access management procedures of your organization.
