However, much of these are done by corporate users unintentionally, more out of ignorance than out of arrogance. Employees just do the things they know how to, without even trying to learn the consequences of their actions. Below I listed some of the more popular issues employees make that make them an internal security threat:
Employees are most often the cause of virus infections
There are several ways corporate users unknowingly infect the network with viruses. First and most common is the clicking without thinking habit. Oftentimes it happens when an employee receives an email with an attachment even if the email came from someone they do not know. Their curiosity will get the better of them. It is only after several hours or could even be days that the user will send a complaint to the IT department. Which at this time the virus might have already spread to a large number of computers inside the company network.
Another common way employees infect viruses in the company network is through those common USB dongles or SD cards. These devices are used to connect into different computers or devices other than those that belong to the network. If the computer the dongle or card was attached on has a very weak security or anti-virus system, then surely it is capable of infecting other computers. This is also another way of spreading the virus within the network.
Improper use of passwords
The most common issue among employees. Aside from not knowing how critical having a strong password is, users can sometimes make the mistake of lending their passwords to other co-workers. This practice is common among those who have close relationships with each other. But the trouble comes when the passing of the password become out of control. The original user might not be able to trace how far the password may have traveled to.
Even if a company has an ERP system running on its network, every user will have its own file directory stored on their workstation. And mind you that these files are sure to contain valuable company data. Some of these confidential data may be stored on networked storage. The trouble is they do not know how to secure these folders and leave the default permission as is, which is easy to share with or "networkable". This could lead to trouble if accessed by unauthorized or disgruntled employees.
Unauthorized machines or devices
Sometimes employees may bring their own laptops or phone to the office. Either they use it in their work or for other reasons. Most likely it is to connect into the company internet connection. Either they use it for internet surfing or for work, the device will be able to enter the company network. If the security system of that device is low then it is a possible source of a threat.
Unauthorized use of the internet
Let's face it, internet usage has become somewhat indispensable to the way we work. Whether the company uses the cloud or not, employees will in one way or another have to access the internet in the performance of their tasks. But you cannot monitor each user's internet usage every hour of the day. System administrators may institute some policies and rules, but these are oftentimes not being followed. Some may block some web sites, but when employees learn how to use proxies, then a work around the firewall is possible. When this happens then productivity suffers or worse, the web site visited may contain malware that can potentially harm the network without the employee realizing it.
Unauthorized installations of software
I've seen some companies who are very lax in the administration of their networks. Most of the time this is also due to management not being aware of the different threats in their company network. They do not want so stringent rules. But giving in to this situation will bring trouble not only to the company network but to the System Administrator himself. Surely, this laxity will be exploited by employees. If this happens, you will find different types of applications and software not necessary for the work of the employees installed in their workstation. Most of these unauthorized applications are for gaming. Or if not, the worse is that the applications will by unlicensed. Software piracy means a very costly trouble for the company.
These are the most common ways employees become an internal threat to any company network. There could be other ways. Every System administrators must be aware of this else it becomes their disadvantage. They must also learn how to teach each employees the proper way to use the computer, how to keep safe online and their limitations in using company network. Management must also support policies on internet, email and company network usage formulated by the System Administrators. They were hired to do their work in protecting company networks from all threats - external and internal.
No comments:
Post a Comment