Numentis

5 Employee Bad Habits Risking Company Data

When people think about cyberthreats, they usually think of external threats caused by cybercriminals living in remote locations. However, 95% of security breaches are caused by internal human errors. Employee bad habits act as a catalyst for poor security practices within an organization and put a company’s data at risk.

Here are five common employee habits that can adversely impact a company’s security:

1. Poor Documentation Practices

  • Multiple employees view, edit and share your critical documents throughout the day. Without tracking who is accessing the documents, your data is more likely to get misplaced. You also need to incorporate access permissions, version control, etc., to limit access to critical data.
  • Employees who rely on manual documentation tend to miss key information, which creates room for errors and puts data at risk.
  • Employees who do not create or document a disaster plan for themselves or are not aware/trained on what to do post a cyberattack, tend to lose vital company data that can never be retrieved.
  • Lack of rules for accessing data from external networks can easily put your data at risk. You need to encrypt both your data transfer and storage.

2. Poor Password Practices

  • Weak passwords may not seem like much for an individual employee. However, when hundreds of employee practice poor password hygiene, it provides hundreds of entry points to hackers.

“According to Cisco
18% of employees share passwords
with their co-workers.

  • Using the same password for every software/app or setting an easily guessable password is one of the most common reasons why companies get hacked.
  • Many employees also make the mistake of storing passwords in unsecure, easily accessible documentation storage platforms like Google Drive

3. Shared Accesses To Important Files

  • When multiple employees share access to critical documents, it becomes hard to keep track of who can access them. You need strict policies to monitor who has access to what. Also, set up mechanism for authenticating each individual user when accessing a critical document.
  • When a document is circulated among several users, it becomes difficult to identify who made the edits. This increases the risk of documents being tampered with or outdated information being used. Rather than circulating it through emails or private message, use a document management system that allows proper versioning with logs and edit info.
  • When shared files are not password protected, it leaves them vulnerable to attack. Make sure you secure all your critical files with passwords.

4. Disregard for Security Training & Measures

  • Many employees turn their backs on regular/annual security training since they feel it doesn’t apply to them.
  • Some employees even ignore company offered security solutions like VPNs, auto data backup and recovery apps out of sheer incomprehension or laziness.

“About 48% of employees
didn’t believe that security
policies applied to their role.

5. Creating Personal Accounts with Corporate Logins

  • By doing this, employees are basically putting their passwords and credentials out in the open, making themselves and the data they hold easy targets.
  • Doing the same with unauthorized or unsafe websites can result in huge damage and loss, sometimes pushing an organization to the point of no return.

“About 20% of employees reuse
their passwords for corporate
and personal work applications.