Many employees think their actions on their computers or mobile devices can’t affect their organizations, but they can — and to a great extent. A notable example is eBay, one of the biggest ecommerce companies in the world. The eBay hack, in which 145 million user details were compromised, is still fresh in our memory. What very few people realized, however, was that the hack was only successful because the computer security of three key eBay employees was compromised.
If you don’t want to lose your job, be sure to avoid these security mistakes:
1. Don’t Ignore or Bypass Your Company’s BYOD Policy
Most companies have a BYOD (Bring Your Own Device) policy. Some allow employees to access privileged company information on their own devices as long as some guidelines are followed, while most companies prohibit accessing any form of privileged company information on personal devices.
Considering how enamored we are of our devices, and the fact that we usually find them easier to use, it’s tempting to bypass your company’s BYOD policy and simply try to access your company server on your device. Doing so could have serious consequences, though. The few minutes (or hours) of working on your favorite device, when it’s against company policy, could lead to your company server being compromised. And when investigations reveal that it was because you broke company policy, it goes without saying that your job won’t be safe.
2. Don’t Connect to the Company Server on a Public Network
Another critical mistake that could compromise your organization’s network security is accessing your company server on a public network. Most people do not know that most public networks are insecure — even if they are protected with a wireless key. So that free internet you’re using at the cafe or on the bus during your commute could just be your undoing.
If you really have to access the company server outside of a secure network, all hope is not lost. You can simply use a VPN. There are entire sites, like The Best VPN, dedicated to curating VPNs and information about them, giving users a breakdown of how various VPNs work including whether they are free or paid, as well as whether they log user information.
3. Don’t Open Attachments From Unknown People on the Company Server
If you didn’t hear about the WannaCry ransomware attack that occurred early this year, it might be a good idea to do some research. The attack, which targeted corporate networks, compromised the U.K.’s National Health Service, FedEx, Telefonica and other major corporations — an estimated 300,000 computers were affected. As with most ransomware, most people’s computers got infected when they downloaded unknown email attachments or files.
In general, avoid downloading and opening any attachment or file on your corporate devices unless authorized to do so by IT. That will save you and your organization a lot of headaches.
4. Don’t Rely Solely on Your Antivirus and Firewall
Most people have great confidence in their antivirus and firewall applications, believing that they are completely safe from intrusions as long as they have them. The reality is that antiviruses, anti-malware and firewalls are not 100 percent safe. They have been bypassed several times in the past, and they will be bypassed again. It’s a very good first step to install and update this software, as it indeed takes care of a lot of security issues, but don’t relax once you have anti-malware in place: avoid the security mistakes listed above and be cautious about security in general.