Inner Security Threats to Your Small Business
We have written at length about the threats your small business faces from hackers, phishers, and malware, but what about the threats in your own office? Even if you are a small company or the sole employee, there are some threats you are likely overlooking.
Not Locking Out Social Sites
How often do you or your team members browse Facebook, LinkedIn, Twitter, or Pinterest while at work? Remember, these sites collect data about users’ experience, meaning you could be exposing your location and other company details. Even worse, a picture of a cute puppy or catchy headline makes it easy to click onto malware. If you allow social browsing at work, ensure your security and preferences are updated, and that you and your team avoid clicking on dubious links.
Are you sure your employees are working? Sadly, a good portion of employees (and bosses!) waste time at work, not even realizing how their internet use, wedding/kid’s birthday planning, or even just walking around talking to other teammates adds up. To avoid the theft of time, set goals and expectations for yourself and your team. Schedule breaks and put limits or blocks on non-work related screen time.
A roll of toilet paper from the bathroom, some anti-freeze from the shop floor – many employees think small items like this are okay to take home. However, if those items are part of your inventory, it’s still theft. If you don’t mind your team helping themselves to smaller items, that is fine (and generous). However, if the little thefts add up to a big hit on your bottom line, you need to nip this behaviour in the bud.
Loose Lips Sink Metaphorical Ships Too
The “loose lips sink ships” propaganda from World War II is still used today, but now doesn’t refer to war but to spilling secrets about clandestine products, services, or news. If your company is introducing a new prototype, entering beta testing, or has collected client data, it is imperative that everyone on your team practice discretion. For example, sensitive client information should not be a source of gossip in the office. Details of your prototype should not be happy hour conversation at the bar after work. Avoid lawsuits and loss of proprietary information by reminding your team to be discreet or by enforcing non-disclosure agreements about company work/information.
The problem with being available 24/7 is that we often access our work files from unsecured devices. Use a VPN or issue take-home devices from work to keep your important files secure when they need to be accessed outside of the office. Discourage sharing emails and files on personal devices and avoid calling employees on their personal lines outside of work hours.
The Little Threats Add Up
The list above may seem like insignificant threats or petty annoyances, but it only takes one bad click to get ransomware, one slip of the tongue to let competitors know about your new product, and a few hours of wasted time to damage your company’s productivity. When working on your company’s security, don’t ignore these inner threats.