An organisation’s cybersecurity is only as strong as its weakest link. Often, this link isn’t malicious malware, it’s everyday employee behaviours that create vulnerabilities hackers can exploit. Roland Singer, VP IT Services Sharp Europe, looks at the most common risky behaviours in the workplace and provides actionable strategies employers can use to overcome security risks.
Sharp Europe recently surveyed 11,000 employees in SMEs across Europe about their attitudes to security in the workplace. The survey found that two-thirds of them are engaging in what can be perceived as ‘risky tech behaviours at work’.
The survey revealed five secret working habits that make for interesting, and in some cases alarming, reading. However, all can be resolved with the implementation of a security policy – involving personal training and technology intervention - that meets the needs of the business and its employees.
1: Logging into Unsecured Wi-Fi Networks Using Company Devices
When employees are out of the office and connect to public Wi-Fi networks, whether that is on the local coffee shop, on the train, or even in hotels when on business, they expose company data to potential man-in-the-middle attacks and unauthorised access. 16% of employees surveyed admitted to logging into unsecured Wi-Fi networks using company devices putting data and company information at potential risk.
Solution to logging into unsecured Wi-Fi networks
The first step to solving the use of unsecured Wi-Fi access is to implement a company-wide VPN. By choosing a reliable business VPN solution with strong encryption protocols and configuring devices to automatically connect to the VPN when on unknown networks you can ensure that all remote connections are encrypted and therefore any data accessed or shared is secure.
2: Failure to Log Out of Work Accounts at Night
In the Sharp survey, it was found that 15% of employees fail to log out of work accounts at the end of the working day. This can cause issues as staying perpetually logged into work accounts creates extended windows of opportunity for unauthorised access, especially if the device is then subsequently lost or stolen.
Solution to failing to log out of work accounts
The most obvious solution is to create clear policies that require staff to logout at the end of the working day. This can be reinforced with periodic compliance checks and security audits focusing on active sessions. However, if the issues persist it may be necessary to implement single sign-on (SSO) solutions with customisable idle timeout features, such as deploying a screen lock that activates after a set short period of inactivity.
3: Failure to Regularly Update Laptops
Outdated software contains known vulnerabilities that cybercriminals actively target, making regular updates a critical security practice. However, not all employees are technically adept at managing the upkeep of the tools and devices they are issued to do their daily tasks. Many will admit that the onus should be on the employer and not the employee to carry out updates.
Solution to failure to regularly updating of laptops
Deploying centralised update management tools, with a centralised dashboard to monitor update compliance across all devices, is key to maintaining healthy and secure laptops across the business. By establishing regular maintenance windows dedicated to system updates and configuring automatic updates to install during off-hours employees will always have the latest laptop updates so they can focus on work and not maintenance.
4: Downloading Unauthorised Software onto Work Laptops
In our survey, 14% of respondents claimed to have downloaded unauthorised software onto their work laptops. Unauthorised software not only introduces potential security vulnerabilities but also creates compliance issues and system performance problems.
Solution to downloading unauthorised software onto work laptops
The most obvious solution is to deploy endpoint protection solutions that block unauthorised download installations, while implementing application whitelists to restrict installable software. If software is a requirement, develop a pre-approved software catalogue employees can choose from, or create streamlined software request workflow with security review.
5: Visiting or Downloading Content from Dubious External Sources
No one needs to be told how much content can be found on the internet. However, employees do need to be reminded regularly that their work devices are not the same as their personal ones, and that caution should be used when accessing content. After all, malicious websites and downloads are primary sources for malware infections entering a business, resulting in potential data theft, and even ransomware attacks.
Solution to staff visiting or downloading content
All employees should be provided with regular training on recognising phishing and suspicious websites and taught how to identify suspicious activity should they come across it. Equally, on a network level it is important to deploy web security gateways that scan for malicious content, while next-generation firewalls with application awareness capabilities will securely lockdown your business from dangerous content.
How to Safeguard your Business Against Risky Behaviours
Understanding issues within any business starts with identifying the challenges being faced. Partnering with a managed service provider that offers a deep, broad range of technical skills, together with the dedicated resources can not only help with defining the strategy needed but also activate the necessary next steps successfully.
Sharp Europe IT Consultancy can offer advice on key business decisions when needed. By implementing a balanced approach of technical controls, clear policies, and ongoing education, businesses can effectively mitigate the risks associated with common workplace habits.
Furthermore, Sharp Security Awareness Training has been designed to reduce the complexity of IT security training within a business of any size. Using a cloud-based training platform, it enables businesses to raise cybersecurity awareness and minimise the risk of successful cyber-attacks.
Ultimately, the most effective security programs acknowledge human nature and create systems that make secure behaviours the path of least resistance. If you would like to know how Sharp Europe IT Services can help, contact us.
