Are Your Employees Your Biggest Security Threat?

Most companies recognize that employees are their most critical asset, and without their everyday efforts, business couldn’t survive, let alone thrive. Along with this alliance comes entrusting staff with access to sensitive information, including company credit cards, banking information, proprietary business information, and customer contact information, to name just a few of the most common critical data types.

While the vast majority of employees who come and go are honest, trustworthy, and loyal during their tenure, it only takes one bad egg to violate the trust and expose your business. Of course there are horror stories involving a disgruntled employee who maliciously steals company data to cause harm to their employer or to help out another business venture. But the more common scenario is one where an employee causes accidental harm.

Today’s business climate is fast-paced, and as a result, more pressure is put on employees. Multitasking becomes the norm, and the chance of a person making a mental mistake or cutting a corner to meet a deadline is significant, especially in short-staffed departments or businesses.

A recent study by CompTIA noted that “human error accounts for 52 percent of security breaches” today. Since identity theft and cybercrime are growing daily, it’s critical for your employees to understand that even a small mistake or careless action can potentially threaten an entire organization. Examples include:

  • Misplacing cellphones, laptops, credit cards or leaving notebooks out in the open
  • Improper disposal of business files and documents (example: tossing in the trash without shredding)
  • Discarding (or e-cycling) old hardware without removing data
  • Sending business documents to your personal e-mail or saving them to Dropbox
  • Working on private documents from a public WiFi network
  • Sending non-encrypted financial information via e-mail
  • Plugging infected devices or USB drives into your network
  • Sharing passwords casually with colleagues, vendors, or partners

If any piece of confidential data gets in the hands of the wrong person, it can open the door to a breach. The good news is that most of the mistakes listed above can be prevented with proper security measures and awareness. In the event something like this does occur, it can be shut down before any real harm is done when reported and acted upon in a timely manner.

The bad news is that cybercriminals are innovative and constantly come up with new ways to take advantage of human error. They use trickery and disguise to lead people to perform actions or divulge confidential information needed to access restricted data. After all, why would a hacker force entry from the outside when it’s easier to gain access from the inside?

This type of psychological manipulation is often referred to as phishing or social engineering. These methods are much more dangerous because they could potentially bypass even the best security systems in place. Oftentimes businesses don’t know they’ve been hacked until it’s too late.

What can be done?

There are a number of things you can do from a technical perspective to protect against outsider attacks, such as: proactively monitoring your network for suspicious activities, requiring complex passwords and setting up two-factor authentication, implementing content filtering, advanced email encryption, and so on.

But when it comes to insider threats, protection starts with educating your end users. CompTIA indicated that of the “700 business executives surveyed, less than half said their company offers some form of cybersecurity training.”

Just like the cybercriminals out there, we as responsible business people must change our strategies to stay ahead. The conversation must not only be about securing devices, but also about enforcing proper behavior through education. And it’s not just IT and accounting departments that need to be diligent — all employees need to know about the evolving threats, the security practices in place, and the risks they impose on the business by not following protocol.

If you’re an ITS client and would like to set up a security best practices overview for your users, contact your VCIO today. We’re happy to come onsite and provide a free lunch-and-learn session for your entire staff. If you’re considering additional protection, check out our advanced security plans, which include features such as routine phishing training and testing to identify which users are most vulnerable to an attack.

Unsure if your managed service provider is doing everything they can to keep your business protected? Contact us today to set up a network security assessment and formal evaluation. For more information about the ways IT Solutions can help protect your business from both inside and outside threats, visit

© 2020 IT Solutions Consulting, Inc. All rights reserved.