10 Ways Your Employees Pose a Security Risk for Your Organization
eWEEK.com posted an interesting article summarizing the top business security risks on their web site. We summarize here:
1. USB Drives - Unprotected USB drives are a prime way of letting sensitive company data walk out the door. Short of blocking USB flash drives altogether, companies can use device management software to monitor the ways the drives are being used.
2. Laptops - Employees are taking laptops everywhere, especially as they get lighter, making them more vulnerable to loss or theft. But even taking them to the safety of employees' own living rooms doesn’t protect these devices from infection through improperly secured home networks, exposing enterprise networks to viruses and other malware.
3. P2P - Applications such as Skype and instant messaging create security holes that can let Trojans and other spyware onto your network, particularly if employees are allowed to share those infected files.
4. Employees sending sensitive work files to their unaudited personal Web addresses are vulnerable to having their accounts hacked and critical company data stolen because, in theory, Web mail doesn’t have the same security as your enterprise e-mail.
5. WiFi - Logging onto unsecured wireless networks at home, the local Starbucks or on the road leaves data at risk unless employees are careful to log onto networks through a VPN or take other security measures.
6. Smart Phones - Allowing employees to bring nonstandard-issue smart phones and PDAs into the workplace means they’re storing highly portable and sensitive data on equipment that they can take home with them if they leave the company, leaving you with little or no security recourse.
7. Collaboration Tools and Hosted Software - Collaboration tools such as SharePoint, wikis and even e-mail distribution systems are great in theory but security risks in practice, unless administrators actively monitor the distribution and usage of user names and passwords. Not taking these security measures leaves the systems open to people who should not have access.
8. Social Networks - Facebook and MySpace in particular are unsecured and invite employees to share critical information while wasting time, while add-on applications available through those sites could hide malware and spyware, posing additional security threats.
9. Unauthorized Software Updates - Allowing employees to download patches or upgrades before your networks are ready can render user PCs and the network itself vulnerable to hacks and other security attacks.
10. Virtual Networks - Avatars posing as colleagues or "friends with benefits" could actually be competitors hoping for a chance to steal corporate data, passwords or other access vectors to sensitive information.
posted by Backup Central @ 8:28 AM
