The threat of data breaches at work is well recognised and it seems each day another business has their vulnerabilities exposed and without constant vigilance, data in the workplace is at perpetual risk of being stolen. However, what a lot of organisations fail to acknowledge in their IT security plans is that data breaches are not always the result of an expert hacker penetrating the company firewall. Increasingly, employee negligence is the greatest threat to the security of the data of the company and its customers.
With this in mind, it is crucial for employers to educate their workforce about simple things they can do every day to reduce the risk of data being stolen. These tips are simple and require very little time and effort but could be the difference between a large-scale data breach and a safe network.
1. Do not click on links from insecure or unfamiliar websites. A common pitfall for even the most experienced employees. Suddenly an unread email appears in the employees’ inbox, they click it and follow a hyperlink to an unsafe site and attackers now have a way into your entire network, free to pilfer sensitive data at will.
2. Power down your computer. Locked computers are not the same as powered off computers and this is where the issue lies. Workstations that are locked and unattended are still running background processes. These can pose a significant threat to a network if this computer has been compromised by an attacker. By the time the employee returns to their machine, they may find that it has been accessed remotely by an attacker and data has already been stolen. This is one of our favourite tips and an example of how data security is as much a cultural as a technological change
3.Do not write passwords down. Discarded notepads and sticky notes with hastily scrawled passwords written all over them are not an example of good data security practices. Written passwords can easily be stolen or go missing and result in a compromised account. A simple solution to this problem is to not have them written down, to begin with. No extra effort required here, just don’t do it. Tools such as LastPass in conjunction with Google Authenticator are a secure replacement.
4. Do not use a password that relates to you in any way. Remaining in the vein of password safety, it is extremely common for attackers to guess passwords if they know pre-existing details about the person whom the account they are trying to access belongs to, such as dates of birth, pet names or locations. In order to ensure maximum password security, passwords should be completely anonymous and ideally a long combination of characters, numbers and symbols.
5. Use a different password for each account you have access to at work. It is extremely common for individuals to use the same password for every account they use out of convenience. Unfortunately, convenience and security rarely go hand in hand. Separate passwords must be used for each account to minimise the chances of compromised passwords being used to access multiple accounts.
Adopting these straightforward cybersecurity practices can make a big difference to overall data security in the workplace. Organisations that make them a part of their Business As Usual (BAU) operations will find that their networks are more secure and they can enjoy a decreased level of risk of their data being stolen. Good data security does not always have to be focused on cutting-edge tech and data loss prevention solutions. When human error is a looming threat, simple corrective communication could prove invaluable to keeping your organisation’s network secure.