How To Keep Employees From Putting Your Data At Risk?

October 23rd, 2017 / smarter identity

According to new research conducted by Arlington Research on behalf of OneLogin, based on a survey of 1,022 respondents in the U.S. in May 2016, U.S. employees’ digital device practices are one of the key reasons employers need to be extra cautious.

The study found that 13 percent of U.S. employees allow their colleagues to use a device that can access their employer’s network. Nine percent allow their partners to access such a device, and one percent even permit their children to use it.

Password-sharing is rampant, with 20 percent of employees sharing their work email password, and 12 percent sharing passwords to other work applications. Nearly half of all employees are unaware of any company policies around the sharing of work passwords.

Mobile device security is lax. One in five employees does not have any security software on their work devices, beyond what ships with the operating system.

To minimize the cyber risks brought on by your own employees, here are three security solutions that HR executives should consider:

  • Implementing Multi-factor Authentication (MFA): Considering 55 percent of employees access work applications away from the office, MFA is needed to ensure that the right people are accessing the right information. This authentication tool prompts employees to validate their identity using something they have with them, for example, their phone, when they log into applications remotely. MFA has become so prevalent that some of your employees might already be using it for their own personal applications.
  • Enforcing Security Policies: Another recommendation is to construct a security policy based on your organization’s security needs and stick with it. Do your employees take company devices home? Are you briefing them on basic dos and don’ts about the sites they visit and the use of devices for personal purposes? Your security policy should align with the company’s security needs, but shouldn’t be too onerous for employees. Sometimes, deploying a simple drawbridge will get the job done better than a crocodile-filled moat and 60-foot walls.
  • Generating Awareness and Education: All the moats in the world are not going to protect you from employees bringing their canoes to work. Not only should employees be made aware of how their digital habits impact the company, they should also know how their security habits impact their personal lives. When employees understand that their security practices have consequences for their private lives, they will take security awareness training more seriously, since they get the added benefit of securing their personal data along with company data.

The increased mobility of today’s workforce, based on the extensive use of smartphones, laptops and online applications that can be accessed from anywhere in the world, means that a company’s perimeter is ever changing as the number of personnel expands and contracts.

HR executives should consider tightening up their security by leveraging multi-factor authentication technology, enforcing adequate company security policies and generating awareness of how employees’ digital device practices impact their own personal data and the security of the entire organization.

This post is an excerpt from HR.com.

About the Author

Alvaro Hoyos leads OneLogin’s risk management, security, and compliance efforts. He also works with prospects, customers and vendors to help them understand OneLogin’s security, confidentiality, availability, and privacy posture and how it works alongside, or in support of, customers’ own risk management model. Alvaro has over 15 years in the IT sector and, prior to joining OneLogin, helped startups, SMBs, and Fortune 500 companies with their security and data privacy compliance efforts. His commentary and articles have been featured in several publications, including CIO, CSO, Forbes, the Atlantic, Bloomberg BNA, Dark Reading, Network World, Infosecurity, eWeek, HRPS, ThreatPost, and Help Net Security. Alvaro is a member of the Forbes Technology Council and has a B.B.A. in M.I.S. and an M.S. in M.I.S. from Florida International University.
