While most companies fear external hacker attacks and cybercrime, there’s just as much, if not more, risk stemming from your employees. Unfortunately, employees can sometimes be your company’s worst enemy when it comes to data security, and many of the risks can arise in ways you might not have expected.

Huddle’s State of the Enterprise Information Landscape report, with Ipsos MORI, revealed that more than a third of office workers store company documents on consumer cloud services, while 91 percent store, access, and share via personal devices.

Here are five ways employees can put your company at risk and what you can do about it.

Employees using personal e-mail

There’s a reason many offices have their own structured e-mail networks: they’re safer, configured to protect a company’s data network, and also allow system administrators to ensure employees are using e-mail properly.

Unfortunately, employees often engage in personal unsecured e-mail use even when discussing company data or sending documents. Many employees use personal e-mail because they are more comfortable using it, find it easier to access outside of work, and may even be trying to avoid company monitoring of their e-mail.

A study conducted by Symantec found that approximately 50 percent of employees kept confidential corporate data from their jobs, and many of them planned to use it for new jobs in the future. Unfortunately, many of these employees use personal e-mail to send this internal data without detection, creating an additional threat.

That’s why it’s necessary to explain that personal e-mail use is prohibited when dealing with company information. All information about your company will be centralized and thus easier to protect.

Failing to use Secure FTP

Another reason employees use personal e-mail is to send larger files. Many companies limit the amount of data sent over company mail networks for security purposes and to keep the company’s network running smoothly.

While some companies circumvent this issue by allowing employees to use a file transfer protocol (FTP) program, it’s important to use secure file transfer protocol (SFTP). FTP is vulnerable to packet sniffers, which can identify passwords and usernames, since the data is transferred via clear text. SFTP uses encryption technology to hide this sensitive data and quickly deliver the files you need to clients, employees or business partners.

Neglecting to encrypt devices 

Employees often use devices that don’t have data encryption or password protection. Not only is there a risk of outright data theft, but such devices can also simply be lost. These devices can hold valuable source code, personnel and customer data, financial information, intellectual property, and company strategies — information that can be worth millions of dollars.

There are countless cases that highlight the impact of losing unencrypted data: legal troubles and intellectual property theft. In one case, former employees hit Coca-Cola with a class action lawsuit after claiming stolen company laptops led to their identities being stolen.

Instruct your employees encrypt and password protect their personal computers, laptops, tablets and smartphones. There are also programs that can help you locate and lock stolen or lost devices.

Data walking out of the door with ex-employees 

Before terminating an employee, you should ensure that your data is first secure. Confirm that the employee has their company accounts suspended across all platforms. It’s also important to see that your employee collects their belongings under supervision and don’t walk out the door with USB sticks or hard drives.

If you feel a person is a serious threat to your company’s network integrity, it’s time to reset passwords and perform a full security check. In fact, SpecterSoft found in a survey that 35 percent of companies reported an insider attack or theft of data, underlining the risk of inside jobs for your company.

Small mistakes that lead to big consequences

Often, the simplest way to have your company’s data compromised is through employees simply downloading an attachment with malware or a virus. The web is rife with dangerous viruses, many of them designed to steal data. A study by McAfee indicated that cybercrime of this type accounts for $375 billion in losses to the global economy, and that’s a conservative estimate.

To prevent mistakes, have your IT team use antivirus software to scan each attachment before downloading. It’s also a good idea to provide employee training about suspicious e-mails, and ensure employees are using strong passwords. Many companies overlook these steps, leading to compromised systems and loss of intellectual property.

Ultimately, it’s important to approach data security as a serious issue. Identifying your risks and taking the proper precautions is the first step to keep your company’s data safe and secure.

Request a Demo

© 2006 - 2021. All Rights Reserved.