5 Ways Your Employees Are Unintentionally Sabotaging Your Data Security Your employees, even the ones that only have your company's best interest at heart, may unintentionally be making a series of critical mistakes that could put your data security at great risk.
Opinions expressed by Entrepreneur contributors are their own.
In today's world of cyberattacks and data breaches, it can be difficult to know what software and which people to trust with your company's most sensitive information. Unfortunately, it's not only people with malicious intent that you have to look out for. Your employees, even the ones that only have your company's best interest at heart, may unintentionally be making a series of critical mistakes that could put your data security at great risk.
Below are a five ways that your staff might be inadvertently sharing confidential information:
1. Stepping away from their workstations.
Any time that an employee steps away from their workstation, especially if they have data programs open on their desktop, they are making your data accessible to anyone that may be in the room. This is particularly dangerous if you have employees that work remotely, like in public coffee shops, or if employees working in the same office have various levels of data security clearance. To avoid this mistake, make sure that data storage and management programs automatically log users out after a small period of inactivity and teach employees to always log out of their programs when leaving a device unattended.
2. Not using two-factor authentication for passwords.
One way to avoid unwanted eyes cracking employees' passwords is to employ two-step authentication. For example, when an employee sets her password a numeric code is sent to the employee' smartphone. This code must be typed in to the software in order for the employee to access the data. Typically the device you are accessing the software from is "remembered" so that the employee does not have to go through the process every time they log in.
3. Sharing files via email or another collaboration tool that doesn't limit access.
Your employees may think it's harmless to share information via email or through collaboration networks such as GoogleDocs and Dropbox, especially when the communication is with trusted colleagues. However, these programs are not always secure, and there's nothing stopping someone from sending a document to a third party or additional unsecure program. It's important to explain these dangers to employees and make sure that email and other insecure data-storage solutions are only used for information that can be shared with the public.
4. Saving documents to the wrong destination
Everyone makes mistakes. If your employees accidently save a document to an incorrect destination, and the destination is unsecure, you could be in trouble. To avoid this mistake, encourage employees to create two laptop log-ins. When working with sensitive information, they can log in to one profile where all programs and folders are secure. And to communicate via email, social media, etc., employees can switch to a new laptop profile. Additionally, make sure that all employees know never to save anything to their desktop as it is especially unsecure and the data can be lost if a laptop is damaged.
5. Accessing files from non-secure devices.
This is a tricky one. We all juggle between our laptops, tablets and phones, replying to personal texts while handling work emails. While it's great to know that your employees are dedicated to work and want to check emails in the evening or at lunch breaks, it's important to talk to them about which devices run security software and which do not. Explain to employees that they must use only work-approved devices for work-related communication, especially when sensitive information is involved.
They key when it comes to employees and data security is education. Make sure that your employees are crystal clear on what information is sensitive and what can be shared. Teach your employees how to use data security software and discuss how to protect against common mistakes. If everyone understands what is at stake and feels confident in what needs to be done to protect the company's data, you will greatly lower your risk of a data breach.