How An End User Might Accidentally Undermine Your Security

Michael Menor is Vice President of Support Services for Tech Experts.

If you’re like every other small business out there, you know that the more employees you hire, the more technology that you have to procure. However, when you have more end-users, you provide more avenues for threats to slip into your network infrastructure unnoticed.

When all it takes is one simple mistake from a single end-user, how can you minimize the chances of falling victim to an untimely hacking attack? We’ve put together a list of honest mistakes that any end-user can make – and how they can be prevented.

Clicking on malicious links
With so much information on the Internet, it’s easy for an employee to search through countless pages without any regard to the sites and links that they’re clicking on.

You need to emphasize the importance of safe browsing, including double-checking the destination of a link before clicking on it. You can do so by hovering over the link and looking in the bottom-left corner of your browser.

Using weak passwords
Employees frequently use passwords that aren’t strong enough to keep hackers out. Often times, they’ll simply use something of personal significance, like the name of their pet or a specific date.

This isn’t the right way to approach password security. Instead, users should attempt to put together passwords that are private, randomized strings of numbers, letters, and symbols.

Losing unencrypted devices
It’s not unheard of for an employee to use company devices in public places. If they accidentally leave their smartphone on the bus or their tablet on a park bench, there’s always the risk that it can be stolen.

Unless you practice proper encryption protocol, any information available on the device can be accessed by the person who finds it, be it a good Samaritan or a tech-savvy thief.

Implementing unapproved solutions
Some employees simply prefer to use solutions that aren’t provided by the company to get their work done. The problem here is that the employee is moving forward without consulting IT about it and that your data is being used in a solution that you can’t control.

Plus, if the employee is using free or open-source software, these often come bundled with unwanted malware that can put your data in even greater peril.

Personal email use
It’s one thing to check your personal email account while at work, but another entirely to use your personal email account to perform work purposes.

As the recent debacle with Hillary Clinton shows, people don’t take kindly to sensitive information being leaked via an unsecured email server that their organization has no control over.

Add in the fact that personal email accounts are often not as secure as those in a professional productivity suite and you have a recipe for disaster. You need to reinforce that your team should keep their work and personal email separate.

Leaving workstations unattended
Besides the fact that some tech-savvy employees are practical jokers, it’s a security risk to leave a workstation unlocked and unattended for long periods of time.

Imagine if someone from outside of your organization walked into your office and accessed confidential files without authorization; that’s on the employee who got up and left the device unattended.

Encourage your employees to always log off of their workstations, or at least lock them, before stepping away from it. User error is a primary cause for concern among businesses, but it can be mostly avoided by providing your staff with the proper training. For more information on IT best practices, give us a call at (734) 457-5000.