04 Mar 2014

Four things every employee should be doing to protect their business

It’s the IT team’s job to protect the business from technology threats. If they get it wrong, the reputational and financial fallout is severe. This is what makes security one of the highest priorities for any IT professional. But security shouldn’t start and stop at the IT team. Each person that works at an organisation should and can take responsibility for getting the basics right. What each individual employee can do (and should be trained to do) is quite straightforward and simple, but if an organisation were to get all of its staff adopting these best practices, the work of the IT team could shift to more complex security matters.

1) Don’t use your personal email address at work or for work

Personal email accounts are beyond the control of the IT team. The impact that an employee can have on the business by using his or her personal email at work range is obvious; it’s difficult to monitor the email account for potential threats to the network when an employee accesses it while at work. But then there are also less immediately obvious problems with employees using personal email addresses for work. Archiving and backup, for instance, are important for work-related email, but not a guarantee if you’re using your personal email as part of your work process. Using personal email at work, or using personal email for work, can create all kinds of regulatory headaches for the organisation as well.

2) For that matter, don’t use personal USB drives

Personal USBs are not appropriate for sensitive business documents. Surprisingly, private USBs can leak private data when used on different PCs, or could be responsible for infecting entire networks with viruses. Most corporate infections happen when hardware is used outside the corporate network – which is done easily with the humble USB stick. Your IT team should provide you with a secure, compliant way to share files (especially if you’re working in an environment with remote or mobile staff). Use that, rather than a private USB.

3) Be responsible with passwords

Passwords are truly a pain, but having a strong password that you change every 90 days is one of the most simple ways with which an employee can help secure their business. It’s also one of the most commonly overlooked security measures. Password management company, SplashData, found the top three passwords of 2013 were ‘123456,’ ‘password’, and ‘12345678’ (http://www.cbsnews.com/news/the-25-most-common-passwords-of-2013/). These are incredibly easy to hack, and these have been the most common passwords for many years now – indicating that people are, simply, not paying attention to what they should be doing with their passwords.

4) Turn computers off when not using them

A lot of people choose to leave their PCs on overnight. Perhaps they’re in the middle of a complex project involving dozens of documents and spreadsheets. Opening them all up again in the morning would be a pain, right? But leaving PCs on and unlocked overnight, or even for a couple of hours while away at a meeting, opens the business up to yet another security risk. Now, all someone needs to do is drop into the office, stick a USB drive into the port, and they’ve effectively bypassed the security logins that you might have put in place. Don’t assume that an environment is secure, even if it’s your own office.