Pop quiz: What do the data breaches at Target, Home Depot, and Sony all have in common? Give up? Employee errors caused these breaches. These, along with about 500 other breaches, are confirming what many security professionals have worried about for years. In the digital age, the weakest link in our information security is us: humans. The most common cause of data breaches and workplace scams around the world is employee error or negligence.
This kind of negligence can take a few forms. It can be an employee responding to a phishing e-mail or downloading a piece of malicious software on a company computer. An employee could fail to adequately secure his login information (by, say, writing it on a sticky note and attaching it to the monitor) or could leave company technology vulnerable to theft.
As with many other complex, human-focused problems, no single solution can address this problem. There are structural and technological changes that can help mitigate the risks posed by employee error. While these changes are developed and implemented, here are three simple steps you can take to stay safe from workplace scams.
1.) Read something, say something
Everyone thinks they can detect workplace scams. It’s a line of thinking called the general attribution error, that what’s true of “most people” can’t possibly be true of us and the people we know. We constantly believe we’re the exception rather than the rule, and our susceptibility to fraud demonstrates this well. Most people consider themselves intelligent, discerning Internet consumers. Yet, a recent Google study found that 45% of users fell victim to a fake login page.
Scammers wouldn’t keep using these tactics if they weren’t working, and even if you are savvy enough to spot 99 phishing attempts in a row, the one you miss is all it takes for another big data breach to happen. If you work at a company with 100 people who are all as adept as you are at catching these e-mails, every scam attempt works on one person on average. Worse still, some hacking attempts begin by sending out e-mails from the first victim to people on that person’s contact list. When that happens, one person falling victim to an attack can quickly increase the credibility of subsequent attacks.
The solution to the general attribution error is the power of collective wisdom. If you receive an e-mail that’s clearly an attempt to solicit sensitive information, don’t just delete it and move on. Forward it to your company’s IT representative. Mention it to a colleague. Ensure that everyone knows this scam is circulating at your company.
If you do fall victim to one of these hoaxes, then don’t try to cover it up. You might face disciplinary action for opening malicious e-mails, but you will face disciplinary action if your login credentials are used to expose sensitive information!
2.) Off the clock? Lock it up!
The VA breach, one of the biggest data leaks that hit some of the most secure data in the nation, was caused when an employee improperly took confidential information home to continue working. The information was stolen and the integrity of the VA’s servers was compromised. Taking work home with you might be a good way to get ahead, but unless your home can provide the same level of security as your office, it’s just not worth it.
If you must take work outside the office, then keep it in a secure place. Ideally, you should place it in a safe or locking file box. Failing that, keep it in a locking briefcase or other lockable container. When it comes to working with paper copies, don’t forget to destroy or return them once you’re done.
If you have a standing arrangement with your employer to do some work remotely, then there are still a number of steps you can take to keep your work technology safe. If you work on a laptop, then invest in a cable lock. This piece of hardware works like a bicycle lock. You loop it around a heavy object and fit the lock into your computer’s power port. Should a dedicated thief rip the lockout of the port, the computer will be rendered inoperable, turning a catastrophe into a hardware replacement.
Also, don’t connect to unsecured wireless networks. Anyone can join these and set up monitoring software on them to steal data in transit. If you work on your home WiFi, then set up a security protocol. Don’t forget to change the default administrator password on your router. Most manufacturers have a default router password which would enable scammers to access your network.
3.) Keep workplace scams out of the office!
Most people spend at least some part of their workday browsing the Internet. Modern technology has made work more efficient, so most people don’t begrudge five minutes on Facebook here or there. The problem is that recreational browsing can expose the office to risks.
Even the tamest hobbies can have risks. Searching for “download sewing templates” could take you to websites dotted with malicious software masquerading as innocuous archives and executable files. If your interests include games or gambling, then the Internet can be a very dangerous place for your work computer.
If you’re interested in gaming, then you might be tempted to load a USB drive with a few fun titles. It’s very easy to accidentally save sensitive information to that USB, which becomes a liability. USB drives are the bane of IT security people everywhere since they’re easy to lose, steal or swap.
If you have downtime at the office, then stick to browsing sites you know and trust. Check your personal e-mail, read CNN headlines, or find the latest scores at ESPN. If you feel the need to explore the darker side of the Internet, then be sure you do so at home where you can better control the sensitive information on your computer.
One final way to beat workplace scams is to work together with other good guys. Share your wisdom – your tips, tricks, and experiences in keeping information safe! Let us hear from you: What are you doing to keep your workplace safe?
If you like what you read, then join our e-mail list!