Employee Mistakes That Risk Information Security
With the introduction of computers and IT-based mechanisms in offices around the globe, work procedures have become simpler and swifter than ever before. However, a number of companies have paid a huge price for the development and growth of the IT sector during the past few years. At times, employees commit security mistakes or slips that could otherwise have been easily avoided. The organization hardly has any choice but to give employees all the access to its systems that they require. Due to poor training, complacency or a general lack of awareness, employees end up being the favorite target of social engineering attacks and hacks. This article covers the most common information and data security mistakes and slips that your employees might well be committing.
Take a Look at 11 Information Security Mistakes Employees Make
- Using common passwords
- Recording confidential information on sticky notes
- Ignoring physical security of the hardware
- Issues in managing crucial documents
- Access card management issues
- Unauthorized application use
- Intentionally disabling security features
- Granting unnecessary user privileges
- Falling for phishing
- Poor awareness of social engineering attacks
- Poor mobile security
1. Using common, weak or obvious passwords
The first and most common mistake employees might be committing relates to the login passwords they use to access the database. The IT team provides a username and a default password to grant a particular user access to the business's database.
However, the default password has to be changed as soon as the user gets access to the database. If the user fails to update the password, the chances of it being something common like ‘password@123’ or ‘username@123’ could be very high. It is, therefore, important to avoid weak or common passwords.
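A check of this kind can be enforced when the user sets a new password. The following is an added example, not part of the original article: the function name, the `COMMON_BASES` word list and the sample values are all constructed for illustration, and a real deployment would use a much larger list of known-bad passwords.

```python
import re

# Constructed sample list of base words (assumption, not from the article).
COMMON_BASES = {"password", "welcome", "admin", "qwerty", "letmein", "changeme"}

# Common character substitutions, undone before comparing against the list.
_LEET = str.maketrans({"@": "a", "0": "o", "1": "i", "3": "e", "$": "s", "5": "s"})


def _core(value: str) -> str:
    """Reduce a password to its base word: 'P@ssw0rd2024!' -> 'password'."""
    stripped = re.sub(r"[^a-z]+$", "", value.lower())  # drop trailing digits/symbols
    return stripped.translate(_LEET)


def screen_password(username: str, new_password: str, default_password: str) -> list[str]:
    """Return the reasons a new password should be rejected (empty list = accepted).

    Runs at password-change time, when the candidate is available in plaintext.
    """
    reasons = []
    if new_password == default_password:
        reasons.append("default password unchanged")
    if _core(new_password) in COMMON_BASES:
        reasons.append("common base word with predictable suffix")
    user = username.lower()
    if user and user in new_password.lower():
        reasons.append("derived from username")
    return reasons


if __name__ == "__main__":
    default = "Temp#2024x"  # constructed default issued by the IT team
    for candidate in ["password@123", "Jsmith@123", default, "vT9#kLq2!mZr8wXe"]:
        print(candidate, "->", screen_password("jsmith", candidate, default) or "accepted")
```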
2. Keeping confidential information on sticky notes
Have you ever noticed an employee’s computer monitor covered in sticky notes scribbled with a lot of data? An illustration is provided below:
The next time you get a chance to look closely, try to notice whether the worker has written down any confidential information like bank account details, passwords, ATM PINs or any other crucial bits of data, exposed for everyone to see.
3. Ignoring physical security of the hardware
Password and encryption-related issues are important. Besides these, however, the physical security of the hardware and machinery installed within the organization should also be kept in mind. Employees could leave their laptops, flash drives and other devices within everyone's reach. A hacker could try to gain access to the system by using a keylogger device if employees have the habit of leaving their desks without locking the system.
4. Issues in managing crucial documents
Even when documents do not have passwords printed on them, forgetting them on the printer or elsewhere in the organization makes snooping into confidential information very easy.
5. Access Card Management Issues
Access cards are issued to employees so that they can move smoothly between different parts of the organization, some of which could be restricted areas. An employee could leave the access card on the desk or in a drawer. It is difficult to imagine the magnitude and consequences of this error.
6. Unauthorized Application Use
The use of tablets, wearable gadgets, and mobile phones by employees can easily compromise the security of your business’s data. Some companies have a policy of banning such applications at the workplace to ensure the security of data.
7. Intentionally Disabling Security Features
Circumventing or disabling the security features of the company’s systems, and using insecure mobile devices, including laptops, smartphones, USB devices, and tablets, could lead to malware infections on the computer systems.
8. Granting Unnecessary User Privileges
Privileges should be granted only to users who have a decent track record of responsibility and who can accomplish the given tasks. Excessive user privileges, such as explicit rights, could lead to security breaches.
9. Falling for Phishing
Phishing websites can attack a company's entire system, and employees most commonly fall for them, thereby risking the entire network security of the organization.
10. Poor Awareness of Social Engineering Attacks
Hackers keep coming up with sophisticated and intelligent methods of fooling employees into handing over confidential data. Because these attacks target the human element, the company could find them extremely difficult to prevent.
11. Poor Mobile Security
At times, employees ignore basic mobile security features, and the use of phones and other devices at the workplace could lead to a compromise of security.
The mistakes pointed out in the course of this article are common but avoidable. ProcessVenue assists your business in implementing policies and adds value to the encryption and access management procedures of your organization.