Personal data theft continues to be an ongoing occurrence, and while losing a wallet means losing personal ID and credit cards, it’s far more dangerous for an individual if their laptop is stolen—and even more so for their company. Nowadays, more businesses are permitting their employees to bring personal computing devices to work, which can create serious cybersecurity risks in many ways.
Every one of those devices is a security hole that is not under the company’s control. Often, there are no corporate safeguards in place for employees' personal laptops. Even though an employee may have installed an anti-virus program, it won’t protect their data if their laptop is stolen, which is becoming an increasing problem. In fact, physical theft accounts for 70% of losses in the healthcare industry.
Endpoint security is not enough; a thief won’t need to hack anything if they have a computer that’s already logged into a company’s server or contains sensitive corporate data. This means that the criminal can tamper with files or download information, resulting in significant financial losses for the company. For example, EMC and Hartford Hospital were forced to pay $90,000 to Connecticut following the theft of an employee laptop that contained patient information.
Establishing a standard cybersecurity policy will ensure that all staff will follow the same rules. For instance, they should never leave their laptops unattended, and they should never store any company data on their personal devices.
Lack of Employee Knowledge
Company-wide education about personal computing security is crucial—according to a 2015 survey of 2,000 office workers, 93% admitted that they have committed at least one act of poor data security. This might include sharing login information with other staff or creating weak passwords. And even though a company may have encrypted their own hardware, employees do not usually consider encrypting their own personal devices. That allows a criminal to easily access a company’s server through a worker’s laptop; they can also install malware to collect usernames and passwords of other staff or customers.
Setting up employee training sessions that educate staff on cybersecurity best practices, such as creating strong passwords and encrypting devices, will help reduce chances of a dangerous cyber attack. Not only are employees informed of potential dangers, they'll also remember to stay vigilant in following cybersecurity policies.
Establish Network Security
Although it’s most effective to take a preventive stance through employee education and corporate protocols, sometimes theft can’t be avoided. In that case, companies can strengthen their cybersecurity by using network security monitoring to detect any strange behavior on their servers. Managed security services such as SOCVue can also help companies cover multiple security points. That way, their data will remain safe from hackers.
Is Your Organization Ready to Battle Cyber Attacks?
Find out with EiQ’s free, 10-question cyber security readiness assessment! Sign up now to see how prepared you are to identify threats and vulnerabilities, mitigate risks, and enable compliance.
Feature Photo: Stock-Asso / Shutterstock.com