We often believe the security of our emails relies entirely in the technology that we use. However, Business owners may be overlooking an important security risk that they may not realize.
The #1 vulnerability for business networks are the employees using them. It’s extremely common for an employee to infect an entire network by opening and clicking a phishing e-mail (that’s an e-mail cleverly designed to look like a legitimate e-mail from a web site or vendor you trust).
If any employee is checking unregulated, personal e-mail on their own laptop, it can be a gateway for a hacker to enter YOUR network.
Further, if the data in your organization is highly sensitive, such as patient records, credit card information, financial information and the like, you may not be legally permitted to allow employees to access it on devices that are not secured; but that doesn’t mean an employee might not innocently “take work home.” If it’s a company-owned device, you need to detail what an employee can or cannot do with that device, including “rooting” or “jailbreaking” the device to circumvent security mechanisms you put in place.
Employees may be sending sensitive information such as social security numbers, credit card information and other corporate data via email, making systems vulnerable. When 119 business professionals over various industries were surveyed, 53% reported receiving unencrypted data from coworkers that could pose a security risk. Alternatively, only 17% admitted to personally sending out risky data. The later number is significantly higher and exposes that employees are not as secure as claimed to be, because 98% of professionals studied reported holding security standards that met or exceeded the company policy.
Business owners need to implement and maintain an Acceptable Use Policy that outlines how employees are permitted to use company-owned PCs, devices, software, Internet access and e-mail. We strongly recommend putting a policy in place that limits the web sites employees can access with work devices and Internet connectivity. Further, you have to enforce your policy with content-filtering software and firewalls. We can easily set up permissions and rules that will regulate what web sites your employees access and what they do online during company hours and with company-owned devices, giving certain users more “freedom” than others. Having this type of policy is particularly important if your employees are using their own personal devices to access company e-mail and data.
Companies must focus on employees and technology equally when it comes to email security. If employees don’t know how to spot infected e-mails or online scams, they could compromise your entire network. Be sure that employees are following procedures and enforce rules to uphold the security of sensitive information and your system.
