Workplace Cybersecurity Begins with Employees
By Tara Marshall, Help Desk Specialist at United Benefit Advisors
I've looked at clouds from both sides now
From up and down and still somehow
It's cloud illusions I recall
I really don't know clouds at all
-- Joni Mitchell, "Both Sides, Now"
And like that song from 1969, it appears that most employees really don’t know cloud computing at all. In an article on the Society for Human Resource Management’s website titled, “Public Enemy No. 1 for Employers? Careless Cloud Users, Study Says,” a North American IT solutions and managed services provider called Softchoice found that 1 in 3 users of cloud-based apps (e.g., Google Docs and Dropbox) download the app without letting their IT department know. Cloud computing became popular a few years ago because people could store all their documents, photos, and other information and then access that data from anywhere at any time and on any device.
What makes this such a bad situation is not the cloud computing itself, but that the vast majority of employees lack any sense of cybersecurity. That same study found that 1 in 5 employees:
- Keep their passwords in plain sight (e.g., on Post-it Notes on their desks).
- Have accessed work files from a device that was not password-protected.
- Have lost devices that weren't password-protected.
Complicating this further is that the employees who actually do use passwords usually have weak passwords. That is, they are easy to guess (e.g., “1234,” “password,” or their username). Rather than leave a company and its network vulnerable to attack, some IT people suggest a ban on cloud accounts for work.
Security breaches involving a company’s intellectual property can be very costly. Sometimes referred to as “ransomware,” the important data of an organization will either be stolen or encrypted and will not be released until a fee is paid.
A better solution to a ban on cloud accounts would be to educate employees on the necessity for cyber security, train them to improve their online security habits, and remind them that IT rules are in place to make a company more secure, not make it more difficult for employees to be productive. Cyber thieves are clever and when they can’t break into a system using technology, they often rely on the flaws of human nature.
As we become more and more connected to the Internet, we leave ourselves and the companies where we work more accessible to cyber threats. It’s imperative that employees keep everything locked down.