Habits are hard to break - but there are some habits that simply have to be broken if your business is going to be secure. Many of these habits may have been developed by your employees, which means that it is important that you recognize them.
If any of your employees are stuck in the following habits, you have a problem on your hands:
Using Weak Passwords
This is the cardinal sin of anyone who uses a computer. In addition to only using one password for all of their accounts (another big security issue) this one password isn’t sufficiently secure. Too many users will take the easy route, using a pet’s name or some other easily dug-up detail as a password, assuming they don’t make it really easy for a hacker and just use “password” or “12345.”
You need to make sure that your business’ users do better. Set certain standards that passwords need to live up to, and suggest that your employees try alternatives, like passphrases or a password manager, if remembering multiple complex passwords is a concern.
Sharing Those Weak Passwords
Exacerbating the weak password problem, there can be the temptation among your users to simply share their credentials with their coworkers to simplify workflows. This is far from the ideal situation, as it opens up your business to an increased risk of a data breach.
In fairness, some shared credentials are okay, like those for company social media accounts and other shared, impersonal resources. However, these are the exception to the rule, as they will be managed by the company.
Everyone working in your company needs to understand how their actions could potentially put the company (and, as a result, their jobs) in jeopardy, and that the safeguards you have in place (including password protection) are there to protect the company.
Using Personal Storage for Company Files
As cloud computing has grown in popularity, it has brought a slew of issues along with its many considerable benefits. One such issue is the tendency for employees to introduce company files to their personal cloud solutions.
Granted, a lot of the time, their intentions are good. It isn’t unheard of that an employee wants to put a little bit of extra time to a project they are working on after hours, so they “take work home with them” in the best way they know how. Unfortunately, this means that they are also taking your data out from behind the protections you have in your business. While it is commendable that they want to accomplish more, they just can’t be allowed to so without the right solution in place to keep your business’ data secure.
Two Words: Shadow IT
Your business’ solutions are likely equipped with exactly the software you want your employees using as they go about their daily responsibilities. However, this may not be the software that your employees are comfortable using - they may not be familiar with it, after all. There’s still a job to be done, though.
This often leads to employees seeking out an alternative solution online and downloading it to their workstation, without first consulting with IT. This program is what is known as shadow IT, a piece of software or hardware that has not been vetted and is still introduced to a system by one of its users.
Shadow IT can cause significant problems, so it is important that your users know that any new software or hardware they would like to use needs to be run past IT first, to ensure there are no issues as a result.
Email is a considerably powerful tool for businesses to leverage, making communication far easier and faster than it once was. This doesn’t come without some trade-offs, of course. If an employee isn’t paying attention, they could easily share information with the wrong person - and the same can also be said of file sharing services
Everyone in your organization - including you, of course - needs to respect the power of the solutions at your fingertips. While working collaboratively has become far easier, it is now much easier to let something leak as well. There needs to be an environment of awareness fostered within your business if you are to protect your investments.
Lack of Training
Speaking of fostering environments, you also need to make sure your employees are properly trained. After all, an employee who has limited-to-no experience with modern cyberthreats is going to be a much easier target than one who knows what to keep an eye out for.
As such, security needs to be a focus at every stage of employment - integral to onboarding and stressed every day. Team discussions about security measures, phishing tests, and other preventative evaluations can help you identify where more training is needed to properly prepare your team for the real deal.
Direct Technology Group can help you fix all of these habits. Call us at 954-739-4700 to learn more about our security solutions.