Porn and passwords float to the top of the list
The team over in the IT department is willing to stake their reputation on it: They’re prepared and confident that there’s not going to be any hacking done on their watch. They might have all their ducks in a row, but here’s what they didn’t plan for: you.
There are plenty of nasty outside threats, but the biggest risk to your sensitive data comes from within. Employees pose the highest threat to security, and the risky behavior they undertake is something they’ll be the first to admit is not such a good idea. Here are 4 things your people may be doing that expose your organization to security risks.
1. “Naughty, naughty!”
The numbers from a Blue Coat study indicate that up to 5% of American employees are willing to admit to using their office Internet connection to access adult content. And not by accident. 80% of the respondents said they knew they were breaking company rules.
What’s posing a risk here is that many adult content sites insert malicious content in links. They make their money by installing malware on computers that often have access to an entire network of computers.
It is also possible that you could be sued by an adult content website because pirated versions of its videos have been detected on an employee’s computer, or even stored on your network.
But it’s less about downloads. It’s more about links.
2. Phishing expeditions
You probably aren’t going to fall for a scam from the Nigerian bank CEO who says he’s got $7.5 million USD ready to wire to you. But phishing today has gotten more sophisticated.
Your people are all about helping where they can. Well-crafted phishing scams aimed at busy employees are an effective way of gaining access to your networks with the simple click of a link. Do you use the most common SaaS productivity software suites? It’s easy for a hacker to snag a logo, write a convincing message about the need to upgrade, and include a convenient, supposedly helpful “just click here” solution.
Most employees know better than to share their username or password. They’re not going to fall for this type of phishing. Or will they? Again: official-looking email from a company they recognize, with a request to update to the latest version. “Verify your username and password to proceed.” Boom, that damage is done.
3. Social gaffes
Many companies made it simple at first. They blocked access to all social media websites. That worked well until social media started to blend with business itself. It’s still a common practice, but many companies have relaxed their across-the-board ban. They’ve seen the benefits of employee access to sites like LinkedIn. Some companies have even asked employees to help with customer interaction generated by social media sites.
The Blue Coat study extrapolates a 41% usage rate for social media sites at work. Here’s why this is perhaps even more dangerous than accessing adult sites or falling for a phishing scam: There’s an intrinsic trust built into the use of social media.
Our networks are composed of people we know and trust. If our BFF sends a link our way to check out while we’re at the office, we’re inclined to click on it. The unfortunate reality is that even our BFFs increasingly fall prey to hackers. It’s bad enough to get your Facebook account hijacked because you trusted a link sent by a friend. The consequences become exponential when you expose your company’s network to hackers under the same scenario.
4. One password fits all
Who has time to assign a unique password to everything we use? Must be at least 8 characters. Must contain at least one capital letter. Must contain at least one number or special character. Must not be a repeat of a password used within the last 12 months. Good grief. Must be too much of a hassle.
Is it any wonder that we fall into the default mode of using the same password for multiple – or even all – websites and software? It’s perfectly understandable, and a great opportunity for phishing hackers to help themselves to a smorgasbord of information.
Smart companies realize that the expense of providing employees with services to manage passwords is offset by the savings in security. The use of 2-step authentication for access to apps using highly sensitive information is on the rise.
Cause and effect
A recent study by Intermedia puts the proportion of employees who engage in risky behavior with your network security at a staggering 93%. Of these employees, 97% have the keys to the kingdom. These people access customer data.
It underscores an important point: While it’s crucial to have a strong IT security barrier, users inside the system can easily sidestep the protection. Down come the walls, in come the hackers.
One solution is a draconian approach to information security. It often fails because the data processing in our brains conflicts with the technology put in place by our IT department. We resent being told we cannot access social networks in today’s 24/7 connected world. We look for ways to short-circuit the very protection put in place to prevent us from participating in risky behavior. Even worse, the poor folks in the IT department are forced to become security Nazis, hated even more than the Nigerian bank CEO who’s always bugging you about that $7.5 million he owes you.
The best answer is a balance. Our bring-your-own-device environment means that employees need a certain amount of unrestricted access to connectivity and network content. Lock up the rest as best you can, and remind your employees consistently – not constantly – about playing it safe with the rest.
If you have questions about how to keep your organization’s data safe from internal and external threats, contact CloudHesive at 800-860-2040 or fill out our online contact form.