With the introduction of computers and IT-based mechanisms in the offices around the globe, the overall work procedure has become simpler and swifter than ever before. However, there are a number of companies which had paid a huge price for the development and growth in the IT sector during the past few years. At times, the security mistakes or slips are committed by the employees, which could have been otherwise easily avoided. This means that the organization hardly has any choice but to give the employees all the required access to the systems. Due to poor training, complacency or general lack of awareness, the employees end up being the favorite target of the social engineering attacks and hacks. This article consists most common information and data security mistakes and slips which your employees might well be committing.
Take a look on 11 Information Security Mistakes Employees Make
The first and most common mistake which the employees might be committing is related to the login passwords used by them for accessing the database. The IT team provides a username and default password for granting access to a particular user to the database of the business.
However, the default password has to be changed as soon as the user gets the access to the given database. If the user fails to update the password, the chances of the password being something common like ‘password@123’ or ‘username@123’ could be very high. It is, therefore, important to avoid weak or common passwords.
Have you ever noticed your employee’s computer monitor full of sticky notes scribbled with a lot of data? An illustration is provided as under:
The next time you get a chance to look closely there, try to notice if the worker has stored any confidential information like bank account details, passwords, ATM Pins or any other crucial bits of data which could be exposed for everyone to see.
The passwords and encryption-related issues are important. However, besides this, the physical security of the hardware and machinery installed within the organization should also be kept in mind. There could be chances where the employees could leave their laptops, flash drives and other devices within the reach of everyone. A hacker could try to gain access to the system by taking use of keylogger device if the employees have the habit of leaving their desks without locking the system.
Even though the documents do not have passwords printed on them, forgetting them on the printer or elsewhere in the organization would make snooping into the confidential information very easy.
Access cards are issued to the employees for ensuring smooth manoeuvring across different parts of the organization, where some of them could be restricted areas. The employee could leave the access card on the desk or in the drawer. It is so difficult to imagine the magnitude and outcomes of this error.
Usage of tablets, wearable gadgets, and mobile phones by the employees has the ability to easily compromise the security of your business’s data. Some companies have the policy of banishing such applications at the workplace for ensuring the security of data.
Circumvention or disengaging the security features in the company’s systems and usage of insecure mobile devices, including laptops, smartphones, USB devices, and tablets could lead to malware infections to the computer systems.
The privileges should be granted to only such users who have a decent track record related to responsibility, and who could accomplish the given tasks. Excessive user privileges like explicit rights could lead to security breaches.
The phishing websites have the ability to attack the entire system of the companies, and employees most generally fall for such activities, thereby risking the entire network security system of the organization.
With the hackers coming up with sophisticated and intelligent methods of fooling employees for handing over confidential data by attacking human element and hence the company could find it extremely difficult to prevent.
At times, the employees could ignore basic mobile security features, and usage of the phones and other devices at the workplace could lead to compromise of security.
The mistakes as pointed out in course of this article are common but avoidable. ProcessVenue provides assistance to your business in implementing policies and adds value to the encryption and access management procedures of your organization.