Do Your Mobile Workers Pose A Cyber Security Risk For Your Company?
Most times, people associate corporate breaches with targeted attacks carried out by a team of highly intelligent, skilled, hackers. This may be because security threats that make the headlines are usually of this nature, but movies also have a big role in perpetuating this notion. Well, this may be true for some, it is easy for companies to overlook another potential threat, their mobile employees.
Now, now…You may be thinking “I trust my employees, they would never put my business at risk.” As much as this is possibly true, seeing that you put them through a rigorous screening process when they first joined the company and extensive background checks were conducted clearing any sort of doubt, they may be giving out valuable company information without their knowledge. They are not completely blameless, though. A certain degree of carelessness may be present.
If your company, for example, offers courier services as its main business, this means that a lot of your workforce is mobile and working remotely most of the time. What does this mean? The devices they use – mobile phones, laptops, tablets, hotel/home Wi-Fi, are all an extension of the company’s network. Now the gravity of the situation is sinking in, isn’t is. Whereas a company may think that their network is confined in a space of one floor of a four storey building, the reality is that their network may transverse state lines!
Now, if a company has not invested in creating a climate of company cyber security, this is the time to do so. HR administrators must work to develop a company cyber security policy that is understood and adhered to by employees. That involves stating a clear policy, conducting training and regular check-ups and of course, selecting and implementing the appropriate technology.
Facts and Figures
The role of HR is becoming increasingly tricky because as opposed to traditional models whereby you have a team of X number of individuals working in a confined space, you have workers working from almost anywhere. These employees, with their host of digital devices, pose a great security risk for companies, and this risk is only growing.
A study carried out by Arlington Research found that from a poll of over 1000 US employees, 55% of the participants use work applications outside of the office. 10% shared their devices (which are linked to the company network)with their partners, while 13% do the same with their colleagues. A shocking 20% shared their work email password and 10% shared passwords of other work apps.
Below, you will find some pointers on how to strengthen your company’s security against cyber security breaches.
1. Acknowledge and understand what generates cyber security risks
This is the first step in ensuring your company is secure from online hacks – intentional or unintentional. These risks can be categorised into four areas.
Physical access – Phones, tablets and even laptops have become very portable thus very easy to steal. A hacker can easily bypass passwords and encrypted data off your employee’s devices once they gain physical access
Malicious code – These are threats that are usually socially engineered to trick the user into making their data accessible to a third party. Examples include pop-up ads and unsecured Wi-Fi connections.
Device attacks – These are designed to gain control of the device or prevent the owner from accessing any services
Insider threats – Devices can be used to download large amounts of corporate information onto small memory chips or transmit data over email services to external accounts.
2. Develop a cyber security policy
If your company does not have a cyber security policy in place already, you cannot blame your employees for not following it. An employee who forgets his unlocked phone in a restaurant is as dangerous as a malicious hacker who leaks your company information. To kerb this. Ensure that company data is encrypted such that if an employee has not taken personal precautions to ensure safety, your IT department can easily execute a selective wipe off their devices.
3. Train your workforce on cyber security
Train your employees on cyber security best practices and offer support thereafter. Many employees may understand the need for cyber security but do not know how to protect themselves online. Teach them how to manage passwords and avoid hacking. Employees should use strong passwords on all devices. A password management system may help automate the process of regularly changing passwords, such that employees will not have to remember multiple passwords.
4. Reevaluate your policy regularly
New threats to cyber security are emerging every day. Ensure that your company stays abreast of threat by reviewing your cyber security policy and retraining employees.
5. Make an action plan to follow if an attack does happen.
So you have a cyber security policy and have taken all necessary precautions but you still get attacked. This is still possible and your company should have a plan of how to deal with this. Although this is a reactive way of thinking, you sometimes cannot protect your company from attacks 100 percent of the time. Have a guideline of what steps are to be taken after the risk has been identified and how to prevent future attacks as this will show you the cracks in your system. Determine where valuable data is stored and evaluate what controls and procedures have been put in place to protect it. Most companies know that is not a matter of “if” there will be a cyber security breach, but “when”.
Cyber security is a concept that has been featured a lot in the recent past. Corporate bodies are acknowledging that they own or have access to unmeasurable repositories of data which, in the wrong hands, can be used as a lethal weapon not only against the company but individuals too. There is a lot of information out there regarding cyber security, it is just up to you to do your research or hire an advisor to help.