01323 404040
info@mtechsystems.co.uk
M-Tech SystemsM-Tech SystemsM-Tech SystemsM-Tech Systems
  • Home
  • About
    • Partners & Accreditations
    • Careers
  • Solutions
    • Managed Services
      • Technical Services
      • Managed IT Support
      • Proactive Monitoring
      • Reseller Partners
    • Education
      • Microsoft Teams for Education
      • Google Classroom
      • Broadband for Education
      • Multi-Academy Trusts
    • Cyber Essentials
    • Client | Server Solutions
      • Virtualisation
      • Microsoft Desktop Management
      • Apple Device Management
      • Nutanix
    • Clever Cloud & Data Centre
      • mtech.cloud
      • UC & Telephony
      • Office 365
    • Storage
    • Security & Threat Management
      • Next Generation Firewalling
      • Safeguarding in Education
      • Multi-Factor Authentication
      • Content & eSafety
      • Endpoint Protection
      • Physical Security
      • Web Data Control
    • Availability & Disaster Recovery
      • Backup & DR
      • Veeam Backup for Microsoft Office 365
    • Connectivity
      • Buyer’s Guide to Connectivity
      • M-Tech CloudConnect
      • Connectivity & WAN Networking
      • Enterprise Wireless
    • Telephony & Unified Communications
      • Hosted Telephony
    • Mobility & Agile Working
    • Audio Visual
      • Interactive Touchscreens
  • Experience
    • Case Studies
    • Testimonials
  • News
  • Contact
Protect Your Organisation from Your Employees

Are you protecting your organisation from your employees?

By admin | Cyber Security, Latest Technology | 0 comment | 28 November, 2018 | 54

If you’re invested in the cyber security field you’ll likely have come across many an article discussing the risk employees pose to an organisation’s security – without even meaning to.

Bad practice can usually be overcome with simple policy changes, technical developments and employee education. In this article we’ll highlight a few different ways in which employee habits can lead to a security breach but also how they can be overcome.

Remote and Flexible Working

Flexible and remote working options are becoming increasingly available. It’s no secret this comes with its challenges for IT departments. Cyber security practices are still lagging behind in many situations.

When out and about, employees will sometimes connect to public WiFi, they will often be of the belief that if it has a password it’s secure. This is only really of benefit to the establishment offering the WiFi, if they password protect it they can limit the number of users and so protect their bandwidth.

Personal devices used in a remote or flexible working context also won’t always have the same level of security protection as company issued devices. There may be a substandard firewall or no antivirus. This is very relevant when working with contractors or freelancers who will need to access your network on an adhoc basis.

There’s always a chance an employee could lose or forget a device when out of the office. If it’s not appropriately secured or managed this could leave company data wide open to theft.

How to overcome this:

To protect your network from public WiFi you could use a VPN or a cloud based solution that maintains security levels wherever a connection is made from. As freelancers are less likely to need to access to the most sensitive of company data, this could be ring-fenced on the network to only allow access to those on approved connections.

A mobile device management (MDM) solution can be added to both company and employee owned endpoints so they can be remotely protected, and locked or wiped in the event of loss or theft.

On top of all of this, employee training and conduct policies are essential to explain why protection measures must be put in place and encourage willing adoption.

Removable Media and Cloud Storage

Circumventing security protocols isn’t something employees are necessarily looking to do with malicious intent. In many cases they’re simply trying to do their jobs.

The employee who puts company data on a USB stick to do some extra work at home that evening probably didn’t intend to lose it on their commute. The new employee who wasn’t yet authorised for remote access, so saved documents to their personal Dropbox to close a huge deal, wouldn’t have realised her ‘usual’ password got stolen in the latest major corporation data breach.

How to overcome this:

Technical solutions come into play here. Device restrictions can be enforced to stop the use of removable media on the company network or unauthorised app installation can be disallowed.

In the case of personal devices, contextual policies can be added, such as apps blocked when accessing the company network. Additional restrictions can be added or lifted depending on a wide range of factors, such as time of day, location, employee role and more. Building a solution to suit your organisation’s needs is key.
Protect Your Organisation from Your Employees

Paper Still Carries a Risk

There are some very basic ways employees act irresponsibly with your company data without ever touching a device. Most of us will have grown up in a time where we didn’t have a tablet attached to our fingertips and still wrote on paper. Added to this, the post-it is still an office staple and showing no signs of going away.

These mediums can be as big a security threat as your trusty password protected laptop. A printed document or a quick hand-written note could contain highly sensitive information. If not safely locked away, a break in or even just a quick glance by a cleaning contractor could have that information distributed outside your company before you know it.

How to overcome this:

Software is available to restrict printing of sensitive documents and a desk policy where no paper may be left out can be enforced by communication and a company culture shift.

Unattended Devices

Employees get quite comfortable in their environments – the office is meant to be a safe and secure place to work. This doesn’t mean risk isn’t still lurking. That newly hired employee may not be as trustworthy as initially thought, the air conditioning engineer is free to wander the office, or the loyal employee facing redundancy may be feeling reckless.

Screen locking can’t be stressed enough. When a device is left unlocked and unattended, far worse could happen than just a silly screensaver installed as a joke by a colleague.

How to overcome this:

Policies can be devised to enforce screen locking if a device is idle for a certain number of minutes. There are many software tools available which can roll this out network wide to both desktop and mobile devices. On top of this, employees should be encouraged to form the habit of locking their screen manually whenever they leave their device unattended.

Email Susceptibility

An incredibly common way to launch an attack is through the employee email system. An erroneous click on a malicious link can unleash a company-wide virus.

A further trick being used is impersonation. An email from ‘the CEO’ can convincingly be sent to the finance department asking for an urgent payment. Issues such as these can lead to unrecoverable financial losses, irreparable damage to the company image and exposure of private data.

How to overcome this:

With email being increasingly under attack there are measures you can take to integrate enhanced security into your messaging service. Secure messaging enforces granular message controls, delivering protection from the sender to the receiver. Targeted threat protection prevents impersonation with a combination of key indicators. Content control blocks the sending of sensitive information tailored to your organisation.

Awareness Can’t Be Stressed Enough

In all likelihood, employees won’t realise the risk they’re bringing to your organisation. Education into security best practices, highlighting the realistic consequences of a breach, combined with the latest technical solutions are the steps you should be taking.

If you need assistance or guidance in choosing the right security measures for your organisation, we’ll happily chat through this with you.

Cyber Security, Device Management, Employee Education, Removable Media, Risk Management

Categories

Client News
Education
Industry News
Latest Technology
Cyber Security
M-Tech News
Free Resources

Subscribe to our mailing list

By subscribing to our mailing list you actively consent to M-Tech contacting you via email for marketing purposes.
View our Privacy Policy here.

COMPANY INFO

Registered Address & Head Office:

Martello House, Edward Road,
Eastbourne, East Sussex,
BN23 8AS

City:

5 Standard Place, London,
EC2A 3BE

UAE:

Al Neem Tower, Khalifa Street,
Suite 302, 3rd Floor,
P.O. Box 111022, Abu Dhabi, UAE.

Registered in England:

04843249

Terms & Conditions

Privacy Policy

How to be Forgotten

Sustainability Policy

SOLUTIONS

Virtualisation
Microsoft Desktop Management
Apple Device Management
mtech.cloud
Office 365
Storage
Next Generation Firewalling
Physical Security and CCTV
Backup & DR
Connectivity
Enterprise Wireless
Telephony & Unified Communications
Audio Visual

ABOUT M-TECH

M-Tech Systems offer IT services, IT solutions and IT support to SMB, enterprise and education clients of all shapes and sizes.

We operate all across the UK, with special focus on Sussex, Kent, Surrey, Hampshire, Essex and London.

We can work in any way that suits you, either on a per project basis, alongside your existing team to bring additional expertise, or as fully outsourced IT support, providing a service desk.

CONTACT US

Tel:

+44 (0)1323 404040

Email:

info@mtechsystems.co.uk

CLIENT SUPPORT

mtech.support

Copyright 2021 © M-Tech Systems Ltd | All Rights Reserved | E&OE | Web Design by M-Tech Systems Ltd
  • Home
  • About
    • Partners & Accreditations
    • Careers
  • Solutions
    • Managed Services
      • Technical Services
      • Managed IT Support
      • Proactive Monitoring
      • Reseller Partners
    • Education
      • Microsoft Teams for Education
      • Google Classroom
      • Broadband for Education
      • Multi-Academy Trusts
    • Cyber Essentials
    • Client | Server Solutions
      • Virtualisation
      • Microsoft Desktop Management
      • Apple Device Management
      • Nutanix
    • Clever Cloud & Data Centre
      • mtech.cloud
      • UC & Telephony
      • Office 365
    • Storage
    • Security & Threat Management
      • Next Generation Firewalling
      • Safeguarding in Education
      • Multi-Factor Authentication
      • Content & eSafety
      • Endpoint Protection
      • Physical Security
      • Web Data Control
    • Availability & Disaster Recovery
      • Backup & DR
      • Veeam Backup for Microsoft Office 365
    • Connectivity
      • Buyer’s Guide to Connectivity
      • M-Tech CloudConnect
      • Connectivity & WAN Networking
      • Enterprise Wireless
    • Telephony & Unified Communications
      • Hosted Telephony
    • Mobility & Agile Working
    • Audio Visual
      • Interactive Touchscreens
  • Experience
    • Case Studies
    • Testimonials
  • News
  • Contact
M-Tech Systems