Your company relies on an efficient, secure network for its day to day operations. From sales, to data analysis, to application infrastructure, your network is a valuable company asset. You need it to operate smoothly so you can get your work done. You already invest time and resources into securing it from outside threats, but internal threats are just as important for your network security. In fact, employee behavior can be a major risk in network security.
Bring Your Own Device (BYOD) is a popular strategy for many businesses that enables employees to use their own phones, tablets, and computers for company work. This allows for greater flexibility—giving your staff the option to work from just about anywhere.
While a BYOD strategy can be great for productivity it’s also a key risk in network security protocols, especially if privately owned devices don’t utilize encryption or dual factor authentication. What’s more, your IT department doesn’t have the same control over privately owned devices as they do with company-owned devices, putting them at greater risk for security issues over above common cybersecurity threats.
Misplaced or Stolen Devices
Another way that employees can put your network at risk is through lost or stolen devices. It’s happened to just about all of us, you quickly leave a restaurant, cab, or coffee shop only to realize later you left your phone or tablet behind. Or worse yet, you realize your device has been stolen.
This is a terrible nuisance for anyone, but it can represent a real security threat to your enterprise if the device has company information stored on it. This can include passwords, proprietary company data, or another way to access your network. Stolen devices can be especially problematic if proper security features like encryption and user authentication aren’t installed. Devices used to access your network should be protected with remote kill switches and tracking features.
Unsecured Wi-Fi Networks
Mobile devices allow employees to work from just about anywhere with wi-fi access, which can be incredibly efficient and advantageous for your firm. But it can also pose a real risk in network security. Coffee shops, bars, airports, and other locales that offer free wi-fi may seem like a great place to get a little work done, but most of these wi-fi networks are unsecured.
That means that hackers can infiltrate devices connected to the wi-fi and can then piggyback into your company network—allowing them to steal data, client information, or even lock you out of your own network as part of a ransom attack.
Misuse of Passwords
Sharing passwords can seem benign, but it’s actually a substantial security risk. In fact, password sharing can even be considered a violation of the CFAA. For this reason, your company should institute an employee password sharing policy that strictly outlines appropriate password behavior.
Prohibiting password sharing actually protects your employees from suspicion in case of a security breach or the misuse of company data. It’s the same reason bank tellers and cashiers don’t share cash drawers with other employees—it protects staff and allows management to more easily identify inappropriate behavior.
Just like password sharing, password reuse is a big risk to your network security. If employees use the same password on both personal and business accounts it puts your entire network at risk. In tandem with your employee password sharing policy, your company should implement a work only password procedure. This will eliminate any duplicate passwords used by your employees that could make hacking or data theft easier.
Downloading files, images, and other attachments is a daily aspect of business. But there is a right way and a wrong way to do it. Many employees attempt to circumvent protocols put into place by using personal email accounts to send and receive downloads. This is a recipe for a security disaster. Employees should never download items from a personal email account onto a company device. What’s more, staff should never download items from unknown senders or websites, especially if they’re downloading items for personal use.
Social Media Use
Everybody needs a break during a busy workday. For a lot of people that means checking in on their social media accounts. Browsing Facebook, Twitter, or Snapchat may be a relaxing way to recharge during a break period, but it can actually put the security of your network at risk. Links, surveys, and those fun Game of Thrones character tests may seem like an innocuous way to waste a few minutes, but they can actually be a scam or disguised attempts to install spyware or malware.
Phishing is a particularly pernicious form of cyber attack. This attack uses emails and websites that appear authentic in an attempt to trick the recipient into giving away information such as usernames, passwords, account numbers, or other sensitive data. Some phishing scams attempt to mimic software updates or other trusted attachments to deceive recipients into downloading malware.
If an employee falls victim to phishing it could put your entire network at risk. They may inadvertently give away usernames and passwords or could even unintentionally download malware directly into your network.
Disgruntled Former Employees
Finally, one of the biggest risks to your network security is disgruntled former employees. Regardless of the motivation for theft or malfeasance, former employees may have stored data on personal devices, username and password lists, and other access to your network.
New employees should sign non-disclosure agreements to help you protect intellectual property and other proprietary data. When employees leave, their passwords should be invalidated and their access should be eliminated. You may even need to have their devices examined by an IT specialist to ensure they no longer have access to your network.
Help Your Employees Understand Security Risks
The best way to eliminate internal risk in your network security is a robust employee security training program. Help your employees understand the risks of using their own devices or accessing network data on unsecured wi-fi networks. Create an employee password sharing policy to ensure no usernames and passwords become compromised or misused. Teach your staff proper web browsing, including how to safely access social media and how to identify phishing scams.