5 ways your employees are unintentionally sabotaging your data security
In your company you must be trusting some employees with the most sensitive data. In your wildest dream you may not imagine them sabotaging your data security. Right? But recent research have found out that most employees who have only your company’s best interest at heart, are unintentionally making a series of critical mistakes that are putting your data security at great risk. So it’s not only people with malicious intent that you have to look out for.
Below are the five ways that your staff might be inadvertently sharing confidential information:
1. When your staff steps away from their workstations
Your data can be at a high risk when your employees step out of their workstations. It can be particularly dangerous if the employee works remotely or from a public place like a coffee shop or if your employee is working in the same office with various levels of employees who should not have access to the information that other employees are working with.
To avoid this, make sure that your employees always log out of their system with appropriate password set on their system. For additional precaution, the systems should have settings which automatically log users out after a small period of inactivity.
2. Not using two-factor authentication for passwords
At times when an employee feeds the password to open his system or application where sensitive data is present, there can be possibility of someone being present nearby who may figure out the password through his finger movement. To avoid such instances, its very important to employ two-step authentication. Does your employees use two-factor authentication? If not, then they may be compromising with your company data unintentionally.
3. Sharing sensitive information via email or other collaboration tools
Most of your employees must be sharing sensitive information via email or collaboration networks such as Google Docs and Dropbox without knowing the fact that these are not always secure. It is very important to make them understand the danger of sharing sensitive information through such means. They should be aware that sharing of information through email and insecure data storages should only be done if the information when leaked in public will not cause any catastrophic damage to the organisation.
4. Saving documents to the wrong destination
Making mistakes are common. But some mistakes can put your organisation data security at a high risk. Saving the correct information at the correct location is very important. If your employee accidentally saves a document to an incorrect destination, and the destination happens to be insecure, you could be in trouble.
To avoid such circumstances, encourage your employees to create two log-ins in their system. While working with sensitive information, they can log in to one profile where all programs & folders are secure. And for all other activities, they can switch to the new profile. employees should also be aware that any file should not be saved on their desktop. It not only attracts other people around to compromise with that file, but also increases the chance of that file being lost due to some technical fault in the system.
5. Accessing files from non-secure devices
Not easy to solve it as it happens with all of us. We all juggle between our laptops, tablets & phones, replying to personal texts while handling work emails. While it’s great to know that your employees are dedicated to work and want to check emails in the evening or at lunch breaks, it’s important to talk to them about which devices run security software and which do not. Explain to employees that they must use only work-approved devices for work-related communication, especially when sensitive information is involved.
When it comes to data security, the only way to keep a check is educating and training your employees. The more informed the employees are, the better your information remains secure. Recent research shows that employees having no malicious intent also leads to serious data security breaches in the organisation.