Habit 1: Too Few, Too Weak Passwords
This habit is a particularly bad one, as an employee with a weak password can potentially undermine your entire organization’s security. While nobody likes having to remember a different, complex password for every account they have, many users will default to reusing one password. What’s worse, these passwords are often very simple – simple enough for a hacker to decipher will little trouble. While some will require a little detective work on the hacker’s part, like a personal detail that can be found somewhat easily, an unfortunate number will use something too easy, like ?password? or ?12345.?
You need to hold your staff to a higher standard. In addition to establishing minimum password requirements, make sure these passwords are updated regularly. If remembering these passwords proves to be a challenge, suggest alternatives, like a password management solution or using passphrases.
Habit 2: On Top of Having Too Few, Too Weak Passwords, Sharing Them
One thing that all of your employees will have in common? Whether you call it ?being efficient? or ?cutting corners,? they will always be on the lookout for ways to simplify their work processes. One simple way (in their eyes) to do so? Sharing credentials!
Now, for the record, this isn?t in reference to company-owned accounts that are often set up, such as company social media accounts and shared resources. However, since these should be managed by (surprise, surprise) the company, these aren?t really applicable to our considerations.
The main takeaway here is that anyone in your company could create a very bad situation through the wrong actions, and any safeguards you have (such as password protection) are in place to keep the company safe.
Habit 3: Storing Company Files in Personal Storage Solutions
While cloud computing provides a vast amount of value and utility for businesses, there are also a few concerns you need to be aware of. For instance, it isn?t uncommon for employees to utilize their own personal cloud solutions to store company files.
It is important to address the fact that their motives for doing so are oftentimes pure. If an employee wants to commit a little extra time to a project, they very well may simplify things for themselves by sharing a company document with their personal cloud account. However, by doing so, this employee is also taking this document out from behind the protections your company should have in place for its data. This simply should not be done, despite the good intentions that motivate your employees – after all, we all know what they say about good intentions. Fortunately, there are solutions out there to allow your employees to safely access work materials, boosting their productivity without undermining your data security.
Habit 4: Introducing Shadow IT
Shadow IT is software (or hardware) that has been installed (or implemented) on your business? solutions without the knowledge or approval of IT. This usually happens when your employees are unfamiliar with the solutions you provide to them, so they instead seek out an alternative that they prefer to use. Unfortunately, shadow IT is often the cause of severe issues, so your users need to be compliant to a policy of clearing any technology not provided by IT past IT, helping ensure nothing problematic pops up.
Habit 5: Carelessness While Using Email
Businesses have embraced the advantages of email since it was first introduced, streamlining and accelerating communication. However, these advantages have also come with a few serious risks – and the same goes for file sharing services, too.
Consider what could potentially happen if the wrong information was shared with the wrong person. This means that everyone in a business needs to be aware of the tradeoffs that email and file sharing both present: while collaboration is much easier, it is also easier for data to leak. In order to keep your data where it belongs, your entire team needs to remain aware of this fact.
?Habit? 6: Insufficient Training
This one isn?t so much a habit on the employee’s part as it is on the employer’s. Simply put, your business is going to be vulnerable to security threats if your employees aren?t aware of what threats are out there, and how to spot them.
This is why security training needs to be an integral part of every step in an employee’s career trajectory – starting from the onboarding process and continuing in perpetuity. There are plenty of methods that should be leveraged in order to do so, from phishing tests, team discussions, and other means of evaluating where more training is needed.
White Mountain IT Services can help you with these evaluations, as well as the training that follows. To learn more, reach out to us at (603) 889-0800.