You know that feeling of dread you get when you realize you just deleted a file or program critical to your business? That client list, tax return, report code?
Everyone knows that feeling.
Over the last 10+ years we have helped many companies: large and small, in Miami, Charlotte and elsewhere, who experienced a critical data loss. In the majority of cases an employee was the root of the problem, and in some cases production came to halt until someone fixed the error.
Data Security Best Practices
We tend to think of cyber-security as protecting our company against the iconic “hacker” trying to break into our systems and steal our data. In fact, non-malicious employee errors and mistakes cause just as much data loss.
Note the “non-malicious” in the previous sentence. People on your team, just doing their jobs to the best of their ability and with no ill will, can cause your business harm and not even know it.
How They Do It
What’s going on here? How can employees, with the best of intentions, be just as big a threat as hackers? According to a survey commissioned by Cisco, employees engage in the following risky behaviors:
- Unauthorized application use (e.g., I’ll just install this app I found on the internet. It will make my job so much easier!)
- Misuse of corporate computers (e.g., sharing work devices)
- Unauthorized physical and network access
- Remote worker security (e.g., e-mailing files to their personal accounts so they can work on them at home)
- Misuse or sharing of passwords
To this list we can add:
- Leaving devices unsecured: a three-person company being incubated from a shared space in downtown Manhattan fell victim when a petty thief managed to walk the three machines out the door.
- Falling for so-called “social engineering” schemes. Check out this document for some examples. Some may be a bit dated, but the principals remain relevant.
What Can I do?
How can you guard against employee errors and other internal vulnerabilities? The first and foremost step: back up your data! Companies we’ve helped recover their data performed regular backups. And they not only created backups, they practiced restoring from those backups so they were ready when the time came. And that time will come. Count on it.
The second step is to educate your employees. Review (or create) your policies on:
- Permitted software
- Who should access the company’s network and devices
- Working at remote locations
- Physically securing company assets
Then review them with your employees. Let them know you’ll help them comply with the policies. For example, if you require company laptops to be physically secured, distribute docking stations and cable locks. And let them know you’ll enforce these polices!
The next post in the series deals with “Email Dangers – Data Security Best practices for spam, passwords and more”. I’ll dive deeper into such items as phishing and strong passwords.
In the meantime, have you checked the cyber security vulnerabilities in your business? The IT experts at Waypoint would love to review your IT needs for free, please click hereto sign up for a free, no risk IT assessment.