The main risk of companies' IT security is employees. How can you protect yourself?

Employees have direct access to sensitive data as part of their work tasks. Therefore, this is a big security risk – not only due to intentional actions but also due to inattention. These occurred damages can reach up to millions in expenses. Companies can prevent these damages from happening by implementing safety measurements.

In practise, it is confirmed that the absence of rules of access to company’s data, on firm’s servers (or in cloud), is the first and crucial security risk. Depending on the work position of the employee, every employee should have access only to the data he or she actually needs for work. This could be a harder task with a significant number of users. But, from a long-term point of view, it is absolutely crucial to protect the most expensive possession of the company. A strategy of minor risk could be accepted while using the internet or social media (mainly professionally). So that the setting up of rules would make sense and would be realistically functional, it is important to start at the employees – i.e. regular trainings with examples from real life. For instance, it is not an exception that employees share data (budgets, a list of contacts, contracts, etc.) through the use of public services, such as Ulož.to.

The bigger the company is, the more it has employees with different personalities and stories. This is the reason why it is necessary for human resources to check their potential employees before sending them a job offer. This is done due to the fact that there have been cases when HR did not check their pontential employees. And so, people ended up getting hired despite having a fake ID or comitting frauds which were also mentioned on the internet.

If there is a case of the employee leaving the company, it is always good to leave it on good terms with the person. Unfortunately, this is not always the case. When companies leave it with its employees on bad terms, the basic rules of security are usually forgotten. In order to follow the rules and ensure that important data is secured, there is a list of procedures which needs to be followed when someone leaves. To be more specific, it is important to ensure that company’s chips, credit cards and SIM cards are returned. Moreover, access rights need to be cancelled and next steps need to be taken, such as the ones related to GDPR regulations. The list of important security steps is also beneficial to provide for new employees.


Is it worth it?