The Top 3 Data Security Mistakes Employees Make

Data security is a big concern for organizations today. Cyberattacks are increasing steadily, and unfortunately, antivirus software, firewalls, and encryption can only go so far. With almost 90% of all attacks resulting from human error, it’s easy to see how the attackers can slip in the back door.

Here are the top three data security mistakes employees are making, and what you can do to help prevent these mistakes from happening at your workplace.

Reusing passwords

This one continues to make the top of the list. Unfortunately, employees often have to log into several systems at work, not to mention all the ones at home. There are only so many “good” passwords that go through a person’s head and trying to remember computer-generated passwords in nearly impossible. 

People tend to go one of two ways — they either pick the perfect password and reuse it for every account they have, or they pick the perfect password and put it on a sticky note under the keyboard. Neither of these is a great option.

Have your employees spend time picking new passwords, using a combination of upper and lowercase letters, numbers, and special characters. Remind them often about the importance of using different passwords for each system. Set up an expiration so that they have to choose new passwords every 30, 60, or 90 days. Frequently changing the password will help mitigate cybersecurity threats. Also, monitoring your network for attacks can stop them before they start.

Using mobile devices

Employees are regularly using phones, tablets, and laptops for work. Productivity improves, and employers can give their employees more flexibility. Using mobile devices for work, however, also means that employees might use unsecured networks. An IBM study showed that 45% of the respondents believed it was likely they could be the victim of a cyberattack, yet 70% used their mobile devices. 

When an employee checks their email on their phone, or logs in on their laptop using a Wi-Fi network, there is a chance that the connection is not secured. A hacker can and often does access these networks, waiting for someone with sensitive data to use the network. 

Make sure your employees are using their phones and laptops for personal use. If they are going to use them for work purposes, protect your network with a VPN (virtual private network) so that they can log in to protect company data and mitigate risk. 

Internal security issues

As if it’s not bad enough that companies constantly worry about cyberattacks. They also must keep an eye on the workplace itself as some attacks come from within their own walls. 

Employees leave their desks for any number of reasons during the day, often forgetting to lock their computers before they go.  Visitors are often in the workplace and can unintentionally get hold of information they weren’t meant to see, passing it on to someone who should not see it.

Make sure employees lock their computers and clean up their workstations before they leave their desks. The extra few minutes can save the company from a big headache later on. Make sure the company has a risk management plan in place to monitor for these attacks.

Keep your employees aware of the latest attack activities in the workplace. Make sure new employees go through a cybersecurity training class when they start their employment and be sure to refresh that training with current employees once a year. The more knowledge your employees have, the less likely your company is to be attacked. They can prepare themselves, and know what to do before they make a mistake that can’t be easily fixed. On the backend, have a backup plan in place, just in case the worst happens.