How an End User Might Accidentally Undermine Your Security: 10 Innocent Mistakes

How an End User Might Accidentally Undermine Your Security: 10 Innocent Mistakes

If you’re like every other small business out there, you know that the more employees you hire, the more technology that you have to procure. However, when you have more end-users, you provide more avenues for threats to slip into your network infrastructure unnoticed. When all it takes is one simple mistake from a single end-user, how can you minimize the chances of falling victim to an untimely hacking attack?

We’ve put together ten honest mistakes that any end-user can make, and how they can be prevented.

  • Clicking on malicious links: With so much information on the Internet, it’s easy for an employee to search through countless pages without any regard to the sites and links that they’re clicking on. You need to emphasize the importance of safe browsing, including double-checking the destination of a link before clicking on it. You can do so by hovering over the link and looking in the bottom-left corner of your browser.
  • Using weak passwords: Employees frequently use passwords that aren’t strong enough to keep hackers out. Often times, they’ll simply use something of personal significance, like the name of their pet or a specific date. This isn’t the right way to approach password security. Instead, users should attempt to put together passwords that are private, randomized strings of numbers, letters, and symbols.
  • Ignoring mobile security: Even if your company has the latest and greatest security solutions installed on its desktops, you should also be thinking of your mobile devices, like smartphones and tablets. It’s arguably more important that your mobile devices have solid security solutions implemented on them, as they are often on the road, connecting to potentially dangerous hotspots. You need to make sure that security is a top priority in your Bring Your Own Device (BYOD) policy.
  • Accessing sensitive data through unsecured connections: If your employees are using the local café’s free wireless Internet to get some work done on their lunch break, it could be a dangerous gambit. Public Wi-Fi hotspots are notorious for being cesspools of online threats. Implementing a virtual private network (VPN) can be a handy investment that can encrypt data while it’s in transit, mitigating this risk somewhat.
  • Losing unencrypted devices: It’s not unheard of for an employee to use company devices in public places. If they accidentally leave their smartphone on the bus, or their tablet on a park bench, there’s always the risk that it can be stolen. Unless you practice proper encryption protocol, any information available on the device can be accessed by the person who finds it, be it a good samaritan or a tech-savvy thief.
  • Implementing unapproved solutions: Some employees simply prefer to use solutions that aren’t provided by the company to get their work done. The problem here is that the employee is moving forward without consulting IT about it, and that your data is being used in a solution that you can’t control. Plus, if the employee is using free or open-source software, these often come bundled with unwanted malware that can put your data in even greater peril.
  • Targeted business email scams: Phishing and spear-phishing attacks are growing more common. One example of this is an HR employee checking their inbox to find what looks like a job application or employment inquiry. All of the right information is there and nothing appears out of the ordinary; that is, until a malicious link contained within it starts to download malware or other nasty threats to your infrastructure. Other types of phishing attacks will ask end-users to confirm personally identifiable information or sensitive account credentials. Educating your team on how best to identify phony email messages is imperative to keeping your network secure.
  • Personal email use: It’s one thing to check your personal email account while at work, but another entirely to use your personal email account to perform work purposes. As the recent debacle with Hillary Clinton shows, people don’t take kindly to sensitive information being leaked via an unsecured email server that their organization has no control over. Add in the fact that personal email accounts are often not as secure as those in a professional productivity suite, and you have a recipe for disaster. You need to reinforce that your team should keep their work and personal email separate.
  • Leaving workstations unattended: Besides the fact that some tech-savvy employees are practical jokers, it’s a security risk to leave a workstation unlocked and unattended for long periods of time. Imagine if someone from outside of your organization walked into your office and accessed confidential files without authorization; that’s on the employee who got up and left the device unattended. Encourage your employees to always log off of their workstations, or at least lock them, before stepping away from their computer.
  • Using external storage devices: Your organization should only be using IT-provided USB devices and external storage. Otherwise, anyone with a random flash drive can connect it to your network, unleashing a horde of who-knows-what into your infrastructure.

User error is a primary cause for concern among businesses, but it can be mostly avoided by providing your staff with the training required to do their jobs properly. For more information about IT best practices, give us a call at (858) 509-1970.

Continue reading

Tag Cloud

Tip of the Week Security Privacy Technology Best Practices Cloud Google Business computing Microsoft Software Network Security Malware Hackers Backup Windows 10 Internet Business Email Android Smartphones Business Continuity Innovation Browser Hosted Solutions Hardware Managed IT Services Alert Data Small Business Office Computer Computers Disaster Recovery VoIP Ransomware Smartphone Business Management Cybercrime Productivity Outsourced IT Tech Term User Tips Efficiency Cloud Computing Law Enforcement How To Artificial Intelligence Cybersecurity Collaboration Chrome Money Virtualization Mobile Devices Communications IT Services Telephone Systems Data Backup Productivity Quick Tips Windows Work/Life Balance Facebook Social Engineering Internet of Things Miscellaneous Upgrade Router App Office 365 Health Passwords Data Recovery Password Social Media Communication Managed IT Services Windows 10 HaaS Hacking IT Support Holiday Data Protection Wi-Fi Phishing Data Breach Workplace Tips Word Apps Connectivity Vulnerability Spam Automation Bring Your Own Device Network Office Tips Saving Money Mobile Device Management Two-factor Authentication Data Security Private Cloud Google Drive Entertainment Remote Computing Update Comparison Data Storage USB OneNote History IT Management Employer-Employee Relationship Automobile Spam Blocking Flexibility Business Intelligence IT Plan PDF Data Management Operating System Worker Mobility Unsupported Software Big Data Managed Service Provider Managed IT VPN Battery Server Samsung Windows 7 Electronic Medical Records Bandwidth BYOD Microsoft Office Value Website End of Support CES Legal Redundancy Avoiding Downtime Charger Keyboard Content Management Applications Patch Management Cleaning Identity Theft Scam Mobile Device Infrastructure Remote Monitoring Computer Care Government Gadgets Public Cloud Marketing Computer Accessories Television Files Wire Business Mangement Skype Staff Leadership Hybrid Cloud Black Market Authentication Amazon Frequently Asked Questions Firewall Bluetooth Public Computer Sports Scalability Gmail Start Menu Specifications Troubleshooting Apple Nanotechnology Amazon Web Services Excel Smart Technology Smart Office Recycling Tools Digital Signature iPhone Smart Tech Online Shopping Tip of the week Two Factor Authentication Downtime Risk Management User Error Document Management Relocation eWaste Encryption Millennials webinar Monitor Evernote Windows Server 2008 Windows 10s Rootkit Root Cause Analysis Politics Safety Paperless Office Instant Messaging Criminal Workforce Software Tips Books Conferencing Information Technology Devices Wireless Charging Botnet Google Docs Training Internet Exlporer Machine Learning Humor Accountants BDR Emails Education Solid State Drive Data storage Thought Leadership Cortana Flash Save Money Travel Vendor Management Meetings Networking YouTube Telecommuting Emergency Computing Infrastructure Save Time Audit Loyalty Google Apps Voice over Internet Protocol Current Events Internet exploMicrosoft Practices Remote Work Physical Security IT solutions Computer Fan SaaS Addiction Best Practice Workers Sync Data loss Experience Knowledge Advertising Blockchain Users Hosted Computing IT Support Wireless Hiring/Firing The Internet of Things Content Cache HIPAA Multi-Factor Security Screen Mirroring Music Network Congestion Servers Search Virtual Reality Inventory Credit Cards HBO Transportation Employer Employee Relationship FENG Techology Audiobook Assessment Wireless Internet Video Games Password Manager Telephony Human Resources Recovery Trending Cast Wearable Technology IT Consultant HVAC How to Worker Commute Access Control Fraud Outlook Benefits Settings Enterprise Content Management Password Management CrashOverride NIST WiFi Webinar Twitter Company Culture Thank You Managing Stress Congratulations

Mobile? Grab this Article!

QR-Code dieser Seite

Recent Comments

Digital Hold The Case for Hosting Your Phone Solution In-House
24 February 2018
Informative Blog. Thanks a lot for the useful info.
Maria Albert Download the Wrong App and Have More Than Pokémon Fever Infect Your Device
26 September 2017
Occasionally I strive to not concentrate such these kinds of articles and neglect reading like these...
nathan dwyer Your Guide To Mobile Device Management as an SMB
07 September 2017
I come here after quite a while since 2016 and entire this term i have miss the chance to get inform...