- Human error (such as stolen laptops and smartphones)
- Spear phishing, also known as social engineering targeted at employees
- Social and political “hacktivists.”
Three of these risks are employee-centric, making humans the weakest link in cybersecurity. Employees misplace or lose laptops, phones, and flash drives. They unsuspectingly open emails that take over company systems. Disgruntled employees make off with critical organizational files and then try to extort money from the business in exchange for the stolen files. Although it is not always possible to know which employees are likely to be malicious insiders, there are several actions organizations can take to improve overall employee security awareness. Five ways to implement tighter security in your organization include:
1. Carefully terminate an employee
If an employee is placed on leave or terminated, immediately disconnect the employee from all systems, networks, and building access points, and collect all mobile devices and laptops issued to the employee. Then walk the employee out the door. Actions like this might seem callous to other employees, but they are necessary in many of today’s highly proprietary environments.
2. Install zero trust networks
When you install zero trust networks, shadow IT (and every other IT asset) can be monitored. A zero trust network only admits individuals authorized for network access. That means that if an end user goes around IT (and IT security) in an effort to fast-track the launch of an application, he or she will be denied access to corporate IT data and resources when a network connection is attempted. A zero trust network is a good way to enforce security, and it also offers easy ways to track and trace unusual access attempts and unusual network usage patterns.
3. Limit information transfers to BYOD devices
Because BYOD devices are used at home and at work, they are easy to lose, misplace, or misuse. A sound approach is to enable mobile access to, and storage of, corporate data in the cloud only.
4. Discourage password sharing
As old as the password sharing security blunder is, it’s still happening. Users should be regularly reminded never to share passwords – by their supervisors as well as by IT.
5. Put security front and center
In one case, a technology company placed security information kiosks in its cafeterias for employees to view. The move sent a message to employees that security and data privacy were of the utmost concern to the company, and that it expected them to be a cultural value everyone subscribed to. Establish a security culture in your organization.