Do you use the same smartphone at home and at work? Whether your company allows employees to bring in personal devices or issues office-specific phones and laptops, those devices likely contain sensitive corporate and personal information. Unfortunately, many people use these devices in ways that can jeopardize the security not only of your personal data – but of your employer’s critical business information as well. This is an issue that hackers are quick to exploit, since as a general rule, your organization holds more cash in their wallet than you do.
Here are a few of the most common workplace security mistakes, as well as a few tips on how to avoid them:
1. Losing Your Mobile Device
While not everyone has had the misfortune of having a device lost or stolen, it’s extremely likely to happen to at least one person in your workplace at some time. Just think of all the personal information you’ve sent in professional emails: Your contact information is in your email signature, you may have copies of client records in your “Sent” folder, and your HR manager likely has your social security information stored somewhere in their files. Despite those risks, a third of people don’t bother to protect their mobile devices with a PIN or password. To give you, your boss, and your coworkers peace of mind, you should also install security software that will locate, lock, and wipe your phone remotely in the case of device loss or theft.
2. Downloading Risky Apps
Whenever you download an app on your smartphone, tablet, or laptop, you’re handing over your personal details to the developer of that app. While many apps require certain data to run (for example, Google Maps requires access to your location), some applications collect extensive information without your knowledge. Recent research found that more than 100,000 Android applications on Google Play are “suspicious” or “questionable” because of what they collect about users. Free apps are particularly suspect, and an app with access to your contact information can be used to mine information about your company’s employees. In turn, this information can easily be used to carry out sophisticated spearphishing attacks that can compromise your entire workplace.
3. Working Remote – With or Without Your Corporate Device
According to a recent study, 46% of employees admit to transferring files to and from work and personal computers when working from home. This can pose a serious risk to your employer’s data, since personal computers are rarely protected or maintained as well as corporate devices. Talking about sensitive company issues where others can hear or intercept the conversation becomes much more common when you’re working from home or in a coffee shop. If you do work remotely, never hold work conversations in a place where you could be overheard, and always connect to a VPN over a secure Wi-Fi network (NOT the free Wi-Fi in your favorite café).
4. Passwords on Post-Its
You’ve seen it; I’ve seen it. When your IT guy gives out a particularly complex password to remember, our first inclination is to write it down on a Post-It and stick it on the side of our work computer. In fact, 55% of us admit to sharing password details with friends, family, or coworkers – a habit that could leave corporate or personal data open to theft. To avoid this mistake while still maintaining a variety of complex passwords, try a password management system like McAfee Safe Key, which is included with your McAfee All Access subscription.
No matter where you work, all employees need to understand that they are handling sensitive business data whenever they work from a personal or corporate device. Take some time to install a security solution on all of your mobile devices, and when it’s your phone or laptop that gets stolen, your coworkers (and boss) will thank you.