All employees appreciate a fun-loving boss who allows them to go online throughout the day and check their email. Though this is convenient, it does present some very significant security risks that your employees may not have thought of. This is especially true of workers who have never received any type of security awareness training.
Just one careless employee can open an attachment that is infected with ransomware and shut down every computer in your building. And this is happening in companies across America each year. In fact, it has become a common story. One of your employees decides to check their email during lunch. They get an interesting survey from Starbucks that says they can win a $10 gift certificate simply by filling out this questionnaire. Everyone loves Starbucks, right? And surely a company like this would never send any type of malware through email.
If the employee had only taken a moment and looked more closely at the email, they would have seen that it actually did not come from Starbucks at all. Clicking on the survey link has now downloaded malware, and it is quickly spreading to all the other computers. The cost to fix this one mistake will be thousands of dollars, not to mention the lost productivity for this company’s entire workforce.
Employees who have not been properly trained just don’t know what to look for and they can be your weakest link.
These are just a few of the many reasons why businesses, law firms, healthcare organizations, and others should not allow employees to use company computers for personal stuff. Though it might seem innocent enough, if the worst happens and your network is infiltrated by hackers, the eventual cost of this breach could be several million dollars.
Data Breach Reporting
The laws now are very clear about reporting a data breach. And yet some companies continue to disobey these laws and do things their own way. Because of this, government agencies that oversee data breaches are now cracking down. They are charging much higher penalties for violations.
This became necessary because so many companies that were being hit with data breaches were not following the laws. Uber is a good example. They suffered a data breach, then tried to negotiate with hackers. They paid the cyber thieves $100,000 to restore their data but also paid them additional monies NOT to reveal that the breach had occurred.
Executives at Uber tried to sweep this one under the rug. They were already under investigation and did not want to risk being heavily fined. Eventually, the authorities did learn about the data breach and the company was seriously penalized. Many experts called Uber’s actions during this breach “completely inexcusable.”
The Experian data breach affected over 200 million Americans. Experian basically did everything wrong that a company can possibly do after a data breach. They, too, tried to cover up what had occurred, lying to the public and to authorities. Their reputation has been seriously compromised not only because of the breach itself but also because of the way they mishandled it.
Events like these have resulted in many states developing much stricter database laws. As we move into the future, it should be clear to all business owners that this is one area where we must all become experts.
What Can You Do to Protect Your IT Infrastructure?
One of the first things that we recommend for companies is security awareness training for all employees. This is a simple and cost-effective step that can help your company avoid an expensive data breach. Employees should be aware of the latest phishing and spear phishing campaigns. They should understand what’s at stake if they click on the wrong link or open an infected attachment. Once your employees are well-trained, they can become your best hope of avoiding a cyber disaster.
Of course, your computers and network need the very best security protocols in place. This includes a layered security approach that addresses every area of your IT infrastructure that thieves might utilize.
There are many other ways that you can take control of your network and avoid becoming a victim. At One Source Imaging, we recommend a thorough assessment of your network security to begin with. This will show us any vulnerable areas that require immediate attention. Next, we put together a comprehensive plan that addresses each component of your network.
Of course, security is a day-to-day ongoing process. But we stay on top of the evolving threats. We understand that this is one problem that will not be going away anytime soon. The One Source team will make sure your business defenses can withstand whatever cyber thieves may throw at you.