Viruses, phishing, data theft… The threats to your business are many, and not as far removed as you think. Here are five (unintentional) employee attitudes that threaten the confidentiality, availability and integrity of your data.
Patrick Boucher, president of Virtual Guardian, a company specializing in the field of IT security, summarizes the situation quite simply: “There are three angles of attack in computer security: people, processes and technology.” According to him, the employees are the weakest link in this scenario, since nearly 70% of faults are due to human error.
Lending their computer equipment to another person, not having a security code on their smartphone, using a personal device for work or disabling viruses, for example, are all errors committed by employees. However, according to Boucher, the real problem lies elsewhere, in five employee attitudes, and sometimes even those of their superiors.
1. Ignoring safety
“There is important work to be done in terms of educating and making managers and their employees aware,” said Boucher. In many cases, ignorance is responsible for a company’s breaches in information security. Employees often don’t know what policies are in place to ensure data security, therefore not making them aware of any risky behaviours.
2. Disempowering
According to Patrick Boucher, employees assume that everything is taken care of by their respective IT departments. “If there is a problem, they rely on them, by disempowering the damage they may have caused and innocently believing that everything can be resolved.” But that's not reality. Boucher also believes that better communication is essential between those responsible for information security and employees. Not only to know who does what, but to adopt a more respectful attitude towards everyone's responsibilities.
3. Not reporting a problem
Employees will experience problems. They will, for example, see that a virus has infected their computer and will seek solutions on the Web. “The employee should not omit to relay this information to those responsible for IT security. Even if the employee seems to have solved the problem, the intrusion into the system can continue and data security is not assured. It is not limited to each individual computer,” says Boucher.
4. What are we trying to protect?
These examples bring us back to the issue of education and awareness in the workplace. According to Boucher, “the majority of employees do not know exactly what their company wants to protect.” It is therefore normal that their actions pose significant consequences, even if unintended.
5. Lack of resources
A manager’s attitude can also affect the protection of corporate data. We do not want spend too much money nor time in training employees. “In Quebec, we are not very progressive when it comes to computer security,” says Boucher. “However, it should be at the heart of every manager’s decision-making process in order to prevent hazards from developing. Sooner or later, all businesses face a security incident.”
According to him, preparation is the best tool for any company that wants to protect the confidentiality, availability and integrity of its data.