Security software can keep data safe. Strong encryption and sophisticated access controls can keep data out of the wrong hands, but for the information in the systems to be useful, employees have to be able to access and manipulate it.
The legitimate access granted to employees also makes them prime targets for social engineering attacks and other attempted hacks. Their desks, offices, and work areas may contain everything a hacker needs to bypass the other security measures your company has in place. Here are some of the most common security mistakes the employees at your company may be making.
Using common passwords on sensitive accounts
One of the most common security mistakes employees make is to use simple common passwords on their sensitive work accounts. Passwords like ‘Password123’ are far too common, and while password complexity requirements can keep employees from using ones that are that simple, it won’t stop them from using ‘P@ssw0rd123’ which is also incredibly common.
Keeping passwords on sticky notes on the monitor
Complex passwords can make it difficult for hackers to get into an account by guessing common passwords. However, if the employee needs to have the password written down and stuck to the monitor to remember it, the security of the password’s complexity is undone by carelessly leaving it out in the open for anyone to see. Keeping a password on a sticky note on the monitor leaves it vulnerable to hackers that enter the office as well as other employees who may wish to access the system under their colleague’s account.
Keep unauthorized individuals away from hardware
Passwords and encryption are important, but it is also vital to keep in mind the physical security of the hardware. Employees need to keep a close eye on the laptops and other devices they use to log into their accounts. A hacker could attempt to compromise their hardware by installing a key-logger on an employee’s device if they step away from their desk without locking their computer. With the key-logger installed, they can see all of the employee’s keystrokes and steal the password the next time they log in to their account.
Leaving sensitive documents on the printer or desk
While printed documents will rarely have account passwords on them, forgetting documents on the printer or leaving them on a desk can make it easy for people snooping around the office to see sensitive information they shouldn’t have access to. Keeping work spaces clean and sensitive documents locked up can help prevent this sort of snooping.
Leaving access cards in a drawer
Many employees have access cards that they only use to get into various parts of the office. Since they don’t need the cards to get into the office, they may find it more convenient to keep the card in their desk drawer rather than carry it around all the time.
It is difficult to know for sure who is in the office after hours. Imagine a scenario where a hacker takes a job with the office cleaning company to harvest sensitive information from employees’ desks. Therefore, it is important that employees are vigilant about keeping their work spaces free from anything that hackers could use to gain access to the system.
Many of these security mistakes are things that most employees know to avoid, and yet they are still common mistakes. Implementing policies around these areas can be a great compliment to your encryption and access management programs.
If you are looking for ways to keep the data on your system secure with encryption or your user accounts secure with better password managements, then sign up for a free trial of one of ASPG’s enterprise security products.
