Employees generally do not mean to harm the organization for which they work; however, through a lack of due diligence or a lack of security education, they can sometimes pose a grave security risk to it. Below is a list of risks that a business could face due to an employee’s actions.

1. Insider intrusion

  • Employees tend to hate remembering passwords, especially if they’re forced to change them periodically. Many get around this by simply writing the password down and sticking it to a monitor, thus giving ammunition to other employees who might have bad intentions
  • Talking with their co-workers about their password policies
  • Opening shares and not properly securing them
  • Unintentionally executing Trojans

2. Virus Infections

  • Bringing software into the company from home on portable storage together with a virus infection
  • Accessing sites that are infected while at work
  • Downloading software
  • Opening shares on their machine without proper security

3. External intrusion

  • Installation of a Wireless Access Point
  • Using company infrastructure from a public computer in an internet café while travelling
  • Falling victim to phishing and social engineering attacks
  • Unknowingly installing Trojans

4. Stolen data

  • Sending confidential data home (even innocently, to continue working from home), where it gets intercepted on the way or stolen from the home computer, which some hacker might previously have compromised
  • Losing laptops or pen drives with confidential data
  • Not encrypting confidential data
  • Installing software infected with malware
  • Mistakenly sharing confidential data after installing P2P software

5. Legal Liability

  • Downloading copyrighted material
  • Sending jokes via email that might be racist or discriminatory
  • Accessing pornographic content from work which might be illegal
  • Posting slanderous comments on forums from work

In most cases, educating employees can help reduce the incidents listed above to a minimum. Periodic network monitoring and access control can also help protect against incidents such as unauthorized software installation.

Have you encountered other scenarios which are not listed above? Feel free to leave a comment and share your experiences.