Your IT Security Issues And Your Staff
It seems these days you can’t sneeze without hitting half a dozen news stories about companies misplacing data or accidently making private data public or leaving lap tops lying around only to be handed onto the nearest journalist. It’s not surprising businesses are worrying about their data and if you’re not worried you probably should be. The majority of businesses ensure they’re protected against external threats, from malicious hackers looking to steal data to harmful viruses looking to delete data, you’re potentially under attack from so many different angles it can be impossible to protect yourself against all of them. No matter how much you’ve invested in your IT security, and no matter how secure you think your business premises are you can still be at risk.
Did you know the biggest threat to your IT security is your own staff? Maybe even you yourself?
I’m not saying your staff are actually a team of highly skilled hackers or they they’re even out to deliberately sabotage you, but the majority of attacks on IT security come from within your own walls.
Today’s business world is becoming more and more virtual. As business share information virally, and as cloud computing is becoming more common your business is likely to have more data coming and going than you can reasonably track. This doesn’t just apply to multinational corporations it applies to you too. The chances are the majority of your correspondences are sent via email as are all your staff’s too. Email’s great, it’s quick, easy and convenient. It also has great potential to infect your computer and your severs. No matter how careful you are about what you do and don’t open, can you guarantee your staff are just as meticulous? A good firewall will be able to quickly scan any files sent to you and decide whether they’re safe enough. Unfortunately they can’t see the actual contents of any file; all they can do is glance at the outer packaging. Like a letter, you can see the envelope and usually you can tell from the envelope whether its junk mail but the envelope doesn’t always tell you what’s inside. The easiest way around this is to ensure your staff have had extensive training. Never open anything that looks suspicious especially if it’s been filtered into the junk mail folder and try to discourage your staff from sending and receiving personal emails at work.
You may also want to look at the levels of access your staff have. It’s often easier to grant everyone a basic administrative access to the whole system but do they really need it? Does the work experience kid downstairs really need to same access as the marketing executive? If you have a new starter you need to make sure they only have access to the information they’re going to need to do their job properly. If it turns out later they need more access it can be granted. It’s not a case of not trusting your staff it’s simply a case of protecting yourself. Maybe your accounts manager can be trusted with access to the marketing accounts but maybe he talks in his sleep and his wife works for your competitors or maybe he has one too many down the pub Friday night, ok that’s a little farfetched granted but I’m sure you get my point.
What about passwords? You may have everything including the company stapler password protected but how secure are your passwords. The most common passwords are 123456, password and iloveyou. If you have more than ten staff at your company (and they’re not particularly tech savvy) then research has shown at least one of them will have one of these passwords. Research has also shown that one out of every three people will use a spouse, child or pet as at least one password. There’s no point having different levels of user access in your business if anyone who’s spent more than five minutes with your staff can guess their password. Passwords should ideally be a random combination of upper and lower case letters, numbers and at least one character. These maybe harder to remember but they’re safer.
Well I think I’ve proved my point; here are just three examples of how your staff have compromised your businesses security without even meaning too. With a little extra time being invested in your IT security all these examples can be easily prevented.
Kim works for an inventory software management company
