IT Security for companies: Keeping up with Employees

April 12th 2016

Cybersecurity is more complex and intricate for companies today than it was even a few years ago. Media stories about cyber-attacks on organisations across a number of industries are becoming more prevalent. IT is becoming more entwined with a company’s day-to-day activities, from data storage and video conferencing to social media marketing, so it has never been more important to have proper security measures in place. While a number of factors leave companies open to a cyber-attack, one of the most overlooked is the employees within the company itself.

What are the main IT security risks surrounding employees and how can these be mitigated?

Poor password practices are contributing to the majority of a company's security risks. In a recent survey, 65 percent of employees admitted to using the same password in multiple locations. While it seems like common sense to have a different password for each resource, this is often disregarded by employees within an organisation. In the same survey, 32 percent shared passwords with co-workers. A good password:

• Has at least 12 characters
• Includes a mix of numbers, symbols, capital letters and lower-case letters
• Isn’t a dictionary word or a combination of dictionary words
• Doesn’t rely on obvious substitutions, such as using the digit 0 for the letter o
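The four rules above can be checked automatically when a password is set. The following is an added example, not code from the original article: the function names are hypothetical, and the word list and substitution table are small constructed samples that a real deployment would replace with a full dictionary.

```python
import re

# Constructed sample word list (assumption); load a full dictionary in practice.
WORDS = {"password", "summer", "dublin", "coffee", "secret", "welcome", "horse"}
# Obvious look-alike substitutions to undo before the dictionary check (assumed set).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})
CLASSES = {"number": r"\d", "symbol": r"[^A-Za-z0-9]",
           "capital letter": r"[A-Z]", "lower-case letter": r"[a-z]"}


def is_word_combo(text, words=WORDS):
    """True if text is one dictionary word or a concatenation of several."""
    reachable = [True] + [False] * len(text)
    for end in range(1, len(text) + 1):
        reachable[end] = any(reachable[s] and text[s:end] in words
                             for s in range(end))
    return bool(text) and reachable[-1]


def check_password(pw, words=WORDS):
    """Return the rules from the list above that pw breaks (empty list = passes)."""
    problems = []
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    for name, pattern in CLASSES.items():
        if not re.search(pattern, pw):
            problems.append(f"no {name}")
    lowered = pw.lower()
    # Rule 3: ignore digits and symbols used as padding between or around words.
    if is_word_combo(re.sub(r"[^a-z]", "", lowered), words):
        problems.append("dictionary word or combination of dictionary words")
    else:
        # Rule 4: trim decoration at the ends, then reverse the substitutions.
        core = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
        decoded = re.sub(r"[^a-z]", "", core.translate(LEET))
        if is_word_combo(decoded, words):
            problems.append("relies on obvious substitutions")
    return problems


if __name__ == "__main__":
    for candidate in ("Coffee1!", "P@ssw0rdSummer1!", "vT9#qLm2&xRw7z"):
        print(candidate, "->", check_password(candidate) or "OK")
```

Note that a password can satisfy the length and character-class rules and still be rejected, as the second sample is, because undoing the substitutions leaves two dictionary words.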

From a company’s perspective, two-step authentication can be set up for any sensitive data, including biometric access that requires fingerprints in addition to passwords.

A worrying figure for firms has emerged: 1 in 5 employees globally would sell their work passwords for as little as €50. This can be done through the Darknet. Giving a hacker these details can allow them access to a whole corporation’s IT infrastructure and cause untold damage. Organisations should consider linking trusted, previously registered devices to individuals and logins. This would help to cut down on the risks associated with password theft or password selling such as this.

Physical security of IT devices should always be at the forefront of employees’ minds. When employees go for a cup of coffee, lunch, etc., they often leave their computers unlocked. This can allow anyone access to files available through their desktop. While simple, it is vitally important that employees log out or lock their screens when they are away from their desk. Mobile devices associated with a firm should never be left unattended in cars or public places.

As the business world advances and more employees are on the move or working from home, they expect to use their personal devices to access work-related material at any time. Something as simple as logging onto a public Wi-Fi network with your company laptop to view your Twitter account could potentially put an entire company’s IT infrastructure at risk. It is also becoming more common for employees to use their own cloud services, such as Dropbox, to access files away from the workplace. When they do this, an organisation’s important files are often outside of the company’s control.
A company should look to encrypt all sensitive information with a security mechanism that makes it impossible to read the files outside of the organisation.

Another issue for a company’s IT security is that employees who leave after termination of employment often still have access to corporate accounts. This leaves it open for former employees to use sensitive data in their new roles. Companies should enable logging of database access, so that it can be determined by whom, when, and where any particular piece of information was retrieved.

Organisations need to put proper training in place when it comes to IT security. This training should run from top to bottom within an organisation. Many employees use their personal email accounts when sending sensitive company files without realising the risk this puts on the company. Employees should be made aware of best IT security practices.

There is a constant clash between employees wanting the freedom to go about their work from mobile devices anywhere, anytime, and organisations having adequate security mechanisms in place to protect company data. This is an ongoing conflict in companies. Employees should be encouraged to treat company data as they would like their own data treated.

For more information on any of the above, contact us at info@itforce.ie
