How Do Employees Cause Security Breaches?

A security breach is a catastrophe that can damage a small business's reputation and potentially cause crippling financial ruin. On average, a data breach costs a company $4 million -- and when a data breach occurs, an employee is the most likely cause.

It is dangerous to assume that your company is immune to cyber attacks or invisible to hackers simply because it is small. Hackers target small businesses every day because they are often much easier to breach than major corporations.

It's time for your company to take a proactive approach to security -- and security begins with your employees. These are some of the most common -- and not so common -- ways in which employees can cause security breaches.

Weak Passwords

A weak password can potentially allow a hacker to gain the same level of access as an employee.

Even though most people would be able to identify a weak password, people tend to be stuck in their ways. The most common passwords include "123456," "123456789" and "qwerty" -- but words such as "password" and company names such as "google" are common as well.

To prevent employees from using weak passwords, you should implement a password policy forcing employees to use strong passwords containing capital and lowercase letters, numerals and symbols.
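
As an added illustration (not part of the original article), the Python example below applies the composition rule described above and also rejects the common passwords the article lists, including versions disguised with character substitutions that would otherwise satisfy the rule. The 12-character minimum, the substitution table and the company-name list are assumptions.

```python
# Added example: password policy check (not from the original article).
# Denylist entries are the common passwords quoted in the article.
COMMON_PASSWORDS = {"123456", "123456789", "qwerty", "password"}
COMPANY_NAMES = {"google"}  # assumption: replace with your own company names
MIN_LENGTH = 12             # assumption: the article does not state a length

# Assumed table of substitutions users apply to dress up a weak base word.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def policy_violations(password):
    """Return a list of policy violations; an empty list means acceptable."""
    violations = []
    if len(password) < MIN_LENGTH:
        violations.append("too_short")
    # Composition rule from the article: upper, lower, numeral, symbol.
    if not any(c.isupper() for c in password):
        violations.append("no_uppercase")
    if not any(c.islower() for c in password):
        violations.append("no_lowercase")
    if not any(c.isdigit() for c in password):
        violations.append("no_digit")
    if not any(not c.isalnum() for c in password):
        violations.append("no_symbol")
    # Denylist check on both the lowercased password and a version with
    # substitutions undone, so "P@ssword" is still treated as "password".
    lowered = password.lower()
    undone = lowered.translate(LEET)
    for word in sorted(COMMON_PASSWORDS | COMPANY_NAMES):
        if word in lowered or word in undone:
            violations.append("denylisted:" + word)
    return violations


if __name__ == "__main__":
    # Constructed sample passwords for demonstration only.
    for candidate in ["qwerty", "P@ssword2017!", "Google123456!",
                      "Tr4ding-Kettle-Moss"]:
        print(candidate, "->", policy_violations(candidate) or "OK")
```

The second and third samples pass the composition rule yet are still rejected, which is why a denylist belongs alongside it.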

Email and Browsing Habits

If your employees enjoy unrestricted access to the Internet, an employee's browsing habits could potentially lead to a security breach.

Suppose, for example, that an employee mistypes the URL of a website and lands on a website containing malware. That malware could infect the employee's computer and eventually cause a breach in your corporate network.

Social Engineering

In a social engineering scheme, a hacker makes contact with a business's employee using an offline method such as a telephone call.

The hacker attempts to gain the employee's trust and convince him or her to reveal sensitive information. A hacker might pose as someone from your company's IT department, for example, and ask an employee for his or her network password.

Property Theft

An increasing number of businesses allow employees to use their own phones or computers for work. Working on a familiar device might increase an employee's productivity.


If a device containing sensitive information leaves the workplace, though, it could potentially become a target for theft. If the owner accidentally leaves the device at a bar or restaurant, someone could potentially take it and access the data on it.

Improper Disposal

Does your company have a system in place for shredding documents and destroying discarded digital storage devices such as optical discs and hard drives?

It is unwise to assume that discarded items are safe from prying eyes simply because they've been thrown away -- and a formatted hard drive is not empty. Unless the physical media is destroyed, restoring the "deleted" files is a simple matter for the right hacker with nefarious intentions.

Your business should have a system in place for destroying sensitive material, and all employees should understand the disposal procedure.

Insecure Software

As a piece of software becomes larger and more complex, the possibility of security vulnerabilities existing within it increases. No company can guarantee error-free performance of its software.

In early 2017, a critical vulnerability was discovered in the website content management system WordPress. The vulnerability made it possible for any person to add or modify content on any WordPress website.

Although the fact that software requires updates isn't your employees' fault, failing to check for and install software updates is negligent and could expose you to risk.

Employee Malice

In rare cases, a terminated employee of a company might attempt to sabotage or steal data from his or her former employer.

Employee malice can have particularly damaging results for a company that allows workers to access its systems remotely. To minimize the possibility of a rogue employee causing a data breach, your business should have an IT management protocol for immediately revoking the remote access privileges of terminated employees.

Fortify Your Digital Security Now

Nothing can replace sound security policies and thorough employee training -- but that doesn't mean you should have to protect your company's valuable data all on your own.

There are plenty of outsourced IT security solutions available which can help you move critical data to a cloud network and provide constant monitoring. This gives your business the protection and robust security features needed to help prevent data breaches.

Contact us today to discuss what we can do to protect your company's data and its reputation!