One of the key roles of the Information Technology (IT) department is protecting an organisation’s computers and data from internal and external threats. Despite the efforts of the technically savvy men and women in IT, there are many things the typical end user can do, and frequently does, that put the organisation at risk. These are four ways that your end users can unwittingly destroy your organisation.
Users will expose your data
The average end user is a pro in his or her area of expertise. The Finance employee knows how to balance a ledger, and the HR employee is well aware of policies and procedures surrounding computer use. However, these experts may put your data at risk without even realising they are doing so. They may work from home on their personal equipment. They may use tablets or phones to access company data without verifying that the equipment has the appropriate level of protection installed. They may put personal devices on the company network, not realising that they are potentially exposing everyone else to whatever may be on that equipment.
Users will open and read email
Phishing and scams are all around us, and they’re getting sneakier by the day. Firewalls, intrusion detection, anti-virus and anti-spam software provide a layer of protection, but the person who opens and reads the email is the one who will open Pandora’s Box.
Users don’t update their applications
Applications become more vulnerable as they age. If users don’t proactively keep them up to date, the applications become especially vulnerable, because malicious developers can write exploits that take advantage of known vulnerabilities. Application control software can help protect your organisation from this type of exposure by combining dynamic whitelisting and privilege management.
Users are social
Employees often spend time on social media during the work day. They may share data that appears innocuous but provides an attacker with the information they need to guess passwords, gain access to your facility, and more. A picture that shows an access badge, or a vague description of a meeting with a company official, may give the social engineering hacker the keys to the kingdom.
What you can do about it
Open communication and clear, concise messages about social media policies, data access and control, and communication may be your best defences against the risks that your users pose to your business. In the end, though, you can’t control your users. What you can control is your applications and how up to date they are. Protect your applications, and you will protect your business.