The risks of operating a business of any size can be immeasurable; whether it be a change in the market, stiff competition, legal and compliance risks, or any of the other countless threats that a business owner faces on a regular basis. But did you ever stop to think that the biggest threat to your business can be your very own employees?
Below are some key areas to focus on when considering whether or not your Employees are Your Weakest Link:
Endpoint devices such as USB sticks are very common devices to have in the workplace. Employees often use USB sticks to transfer files from one computer to another and among coworkers, but these types of devices present a security challenge for all business owners. With USBs prevalent in the office, employees can simply bring in their own device and upload company files to it without anyone ever noticing. Employees may also be negligent and lose the device, posing the threat of someone outside of the company accessing the files on the device.
Other risks of endpoint devices in the workplace include employees accessing computer endpoints to charge their smartphones, employees bringing in personal storage devices, as well as the threat of Wi-Fi adapters which could intercept company Internet feeds.
Though there has been a drastic shift from print to digital, almost every company continues to produce print material. As innocent as one may assume print material to be, having employees handle print material imposes a threat to the security and confidentiality of your company’s information.
For one, employees can easily print more than the authorized amount of copies that they could take home or share with outside sources. Likewise, employees can also take photos of the print material with their phones, or they can choose to use any of the free apps that act as a scanner to scan a copy of the file.
Allowing your employees to access their personal emails at work may seem like common courtesy, but allowing them to do so actually increases the vulnerability of your company files. Since most professional business-specific emails have the ability for managers to investigate any emails sent to or from the account, employers can rest easy knowing that their employees won’t be sending sensitive information to unauthorized email recipients.
Unfortunately, this is not the case for personal emails. Employees with access to their personal emails can easily send company files and data from their own email account to another, with no way for the business owner to find out.
Phishing scams are among the most common types of digital scams, with phishing attempts increased by 65% and 76% of businesses reporting a phishing scam in the last year. These statistics should alarm any business owner, as phishing scams account for 90% of all data breaches worldwide. When a phishing scam is executed on a company computer, all of the stored data becomes at risk of exploitation. Data such as employee records, confidential client agreements, financial information, and more can all be exposed by those executing the scam.
Employees are faced with the risk of phishing scams quite regularly, and many employees may not be able to recognize such an attack. Without the proper training or education, employees may be naive and fall victim to a phishing scam, leading to a major disruption in your business’ operation.
In many industries, employees are often on the road conducting business with associates outside of the office. This means that employees take their company computers, smartphones, endpoint devices, and other company property with them on the road and to many different locations. Though having employees working remotely is often a convenience and necessity, it is also a major risk to your business.
For one, remote employees often choose to do work or schedule meetings at coffee shops and cafes. Given the susceptibility of the Wi-Fi network in those types of locations, your company’s data can be at the mercy of opportunistic cyber attackers who can make a living by exposing such data. In fact, 62% of all Wi-Fi related security incidents occur in coffee shops and cafes.
Aside from the risk associated with employees working over susceptible public networks, employees may also misplace company property which can fall into the hands of the wrong person.
All in all, it is hard to enforce proper security measures for remote employees, which increases the risks that your company faces.
The risks of cell phones in the workplace are plentiful, and to cover them all in a few paragraphs would be quite the challenge. For the sake of this article, we will focus on the risks cell phones impose on productivity, privacy, and security.
It goes without saying that cell phone usage in the workplace can negatively affect the productivity levels of your business. When employees can freely access social media and games on their smartphones on company time, they are distracted from and uninterested in the tasks at hand. This loss in productivity becomes exponential and can cause your company to lose out on revenue.
When it comes to privacy in the workplace, cell phones are the number one threat. With high-quality cameras equipped to every smartphone, employees can easily take unsolicited photos of coworkers or business associates. This can lead to major legal issues as the privacy of the victim is at great risk.
Perhaps the most serious of the mentioned risks related to cell phones in the workplace is security. Given the power of modern smartphones, capable employees can now develop software to illegally upload or download files from company computers which can result in malware attacks or data breaches.
Get started today—Download the FREE template and customize it to fit the needs of your organization.
As a business owner, your employees should be contributing positively to your operation in order to maximize revenue. When your employees are not doing so, you are faced with losses in productivity, legal issues, and major security threats. To mitigate against these types of concerns, you should educate and train your employees so that they are knowledgeable enough to defend themselves from these threats. Along with proper training, there are many policies and software tools to secure your company.
Cookie | Duration | Description |
---|---|---|
__cfruid | session | Cloudflare sets this cookie to identify trusted web traffic. |
cookielawinfo-checkbox-advertisement | 1 year | Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category . |
cookielawinfo-checkbox-analytics | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics". |
cookielawinfo-checkbox-functional | 11 months | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional". |
cookielawinfo-checkbox-necessary | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary". |
cookielawinfo-checkbox-others | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other. |
cookielawinfo-checkbox-performance | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance". |
JSESSIONID | session | The JSESSIONID cookie is used by New Relic to store a session identifier so that New Relic can monitor session counts for an application. |
LS_CSRF_TOKEN | session | Cloudflare sets this cookie to track users’ activities across multiple websites. It expires once the browser is closed. |
OptanonConsent | 1 year | OneTrust sets this cookie to store details about the site's cookie category and check whether visitors have given or withdrawn consent from the use of each category. |
viewed_cookie_policy | 11 months | The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data. |
Cookie | Duration | Description |
---|---|---|
__cf_bm | 30 minutes | This cookie, set by Cloudflare, is used to support Cloudflare Bot Management. |
_zcsr_tmp | session | Zoho sets this cookie for the login function on the website. |
Cookie | Duration | Description |
---|---|---|
_calendly_session | 21 days | Calendly, a Meeting Schedulers, sets this cookie to allow the meeting scheduler to function within the website and to add events into the visitor’s calendar. |
_gaexp | 2 months 11 days 7 hours 3 minutes | Google Analytics installs this cookie to determine a user's inclusion in an experiment and the expiry of experiments a user has been included in. |
Cookie | Duration | Description |
---|---|---|
_ga | 2 years | The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors. |
_ga_GY6RPLBZG0 | 2 years | This cookie is installed by Google Analytics. |
_gcl_au | 3 months | Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services. |
_gid | 1 day | Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously. |
CONSENT | 2 years | YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data. |
Cookie | Duration | Description |
---|---|---|
_opt_expid | past | Set by Google Analytics, this cookie is created when running a redirect experiment. It stores the experiment ID, the variant ID and the referrer to the page that is being redirected. |
IDE | 1 year 24 days | Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile. |
NID | 6 months | NID cookie, set by Google, is used for advertising purposes; to limit the number of times the user sees an ad, to mute unwanted ads, and to measure the effectiveness of ads. |
test_cookie | 15 minutes | The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies. |
VISITOR_INFO1_LIVE | 5 months 27 days | A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface. |
YSC | session | YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages. |
yt-remote-connected-devices | never | YouTube sets this cookie to store the video preferences of the user using embedded YouTube video. |
yt-remote-device-id | never | YouTube sets this cookie to store the video preferences of the user using embedded YouTube video. |
yt.innertube::nextId | never | This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen. |
yt.innertube::requests | never | This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen. |
Cookie | Duration | Description |
---|---|---|
_dc_gtm_UA-6494714-6 | 1 minute | No description |
_gaexp_rc | past | No description available. |
34f6831605 | session | No description |
383aeadb58 | session | No description available. |
663a60c55d | session | No description available. |
6e4b8efee4 | session | No description available. |
c72887300d | session | No description available. |
cookielawinfo-checkbox-tracking | 1 year | No description |
crmcsr | session | No description available. |
currentware-_zldp | 2 years | No description |
currentware-_zldt | 1 day | No description |
et_pb_ab_view_page_26104 | session | No description |
gaclientid | 1 month | No description |
gclid | 1 month | No description |
handl_ip | 1 month | No description available. |
handl_landing_page | 1 month | No description available. |
handl_original_ref | 1 month | No description available. |
handl_ref | 1 month | No description available. |
handl_ref_domain | 1 month | No description |
handl_url | 1 month | No description available. |
handl_url_base | 1 month | No description |
handlID | 1 month | No description |
HandLtestDomainName | session | No description |
HandLtestDomainNameServer | 1 day | No description |
isiframeenabled | 1 day | No description available. |
m | 2 years | No description available. |
nitroCachedPage | session | No description |
organic_source | 1 month | No description |
organic_source_str | 1 month | No description |
traffic_source | 1 month | No description available. |
uesign | 1 month | No description |
user_agent | 1 month | No description available. |
ZCAMPAIGN_CSRF_TOKEN | session | No description available. |
zld685336000000002056state | 5 minutes | No description |