Top 5 Risks caused by employees’ actions

Employees generally do not mean to harm the organization for which they work; however, sometimes due to a lack of due diligence or even lack of education on security employees might pose a grave security risk to an organization. Below is a list of risks that a business could face due to an employee’s actions.

1. Insider intrusion

Employees tend to hate remembering passwords especially if they’re forced to change it periodically. Many times they get around this by simply writing the password down and sticking it to a monitor thus giving other employees who might have bad intentions ammunition
Talking with their co-workers about their password policies
Opening shares and not properly securing them
Unintentionally executing Trojans

2. Virus Infections

Bringing software into the company from home on portable storage together with a virus infection
Accessing sites that are infected while at work
Downloading software
Opening shares on their machine without proper security

3. External intrusion

Installation of a Wireless Access Point
Using company infrastructure from a public computer in an internet café while travelling
Falling victim to phishing, social engineering attacks
Unknowingly installing Trojans

4. Stolen data

Sending confidential data home (even innocently to continue working from home) where this, in turn, gets intercepted on the way or stolen from the home computer which some hacker might previously have compromised
Losing laptops or pen drives with confidential data
Not encrypting confidential data
Installing software infected with malware
Mistakenly share confidential data after installing P2P software

5. Legal Liability

Downloading copyrighted material
Sending jokes via email that might be racist or discriminatory
Accessing pornographic content from work which might be illegal
Posting slanderous comments on forums from work

In most of the cases educating employees can help reduce the indents listed above to a minimum. Periodic network monitoring and access control can also help protect against incidents such as unauthorized software installation.

Have you encountered other scenarios which are not listed above? Feel free to leave a comment and share your experiences.

Janet Kline July 31, 2010 at 2:39 am
We used to have to bring home some of our work but due to the vulnerabilities these actions present, our office decided to subscribe to a remote desktop control service. It’s a bit of an inconvenience especially if the connection is slow but I guess this is a safer way. Right?
Lilibeth Suarez August 14, 2010 at 5:08 am
I’m not really sure where to direct this question. I’ve had it for sometime now, but only remembered it again while reading this article.
With regards to keeping data as accessible to the most relevant team members as possible (most especially when it comes to group oriented projects) what’s your take on sites that offer services such as Backpack or Google Wave? I’ve recently realized that such sites may not be as secure as we may think, but are designed to cater to the business-minded individual.
angel August 14, 2010 at 5:14 am
We’re actually considering switching to that system now. With a lot of our work being brought home, (and most of the staff constantly losing their flash drives), we’ve brought up the idea of implementing a remote desktop control service. The connection issue is, of course, one of our primary concerns, but we’re hoping to conduct a number of field tests before going all in on this.
But how has it been on your end so far?
Gerard Lipton August 14, 2010 at 7:20 am
We’ve actually run into some concerns with point number five; more specifically, “sending jokes via email that might be racist or discriminatory.”
I know office humor does lighten the mood quite a bit when you’re really in the crunch of things, but it’s hard to gauge the appropriateness of a lot of punch lines if you’re not quite sure what kind of background a lot of your officemates are coming from.

Comments are closed.

If you have used this form and would like a copy of the information held about you on this website, or would like the information deleted, please email privacy@gfisoftware.com from the email address you used when submitting this form.

Top 5 Risks caused by employees’ actions

1. Insider intrusion

2. Virus Infections

3. External intrusion

4. Stolen data

5. Legal Liability

About the Author: Emmanuel Carabott

4 Comments

Top 5 Risks caused by employees’ actions

1. Insider intrusion

2. Virus Infections

3. External intrusion

4. Stolen data

5. Legal Liability

Get your free 30-day trial

Get your free 30-day trial

About the Author: Emmanuel Carabott

4 Comments