As we’ve discussed in previous articles, cyber security is a major issue for any business of any size, and this includes even the smallest, home-run operations.
It is a much discussed fact that one of the greatest threats to data security is the human factor, rather than technology. Whilst you may invest heavily in firewalls and virus protection, cyber-attacks so often come down to human error.
It is said that employees using company networks to carry out private admin is one of the most significant risks, and employers need to realise just how serious this risk could be.
82 Per Cent of Employees Undertake Life Admin in Work Time
We spend a great deal of time at work without a doubt, so it stands to reason that at some point we are going to have a need to undertake some form of personal task. ‘Life admin’ as it’s referred to is a necessity, and if we’re at work for the majority of our day, then some of that admin time is going to occur within working hours. But it’s the making use of company technology to carry out this admin that’s the issue.
Research by Altodigital reveals that 82 per cent of full time UK employees spend a certain amount of time carrying out personal admin tasks whilst at work, and that more time is spent on these tasks during work time than within lunch breaks.
The most common personal tasks include organising finances, booking health and beauty appointments, dealing with bills, and seeking alternative employment. Whilst some of these tasks may seem acceptable and necessary, the security risks that go with them really must be considered. The worrying thing is, four in ten of those questioned for the survey did not feel there were any security risks related to inputting their personal data into work networks, whether via company computers or their own devices.
Cyber Risks Very Real
The truth is, however, that there ARE numerous cyber risks. Storing passwords, credit card details and banking logins in a web browser or cache could prove exceptionally precarious. Personal data stored in emails is also very risky. Company networks are generally accessible by more than one user, offering simple in-roads. Even sending documents to unsecured network printers is potentially risky, particularly if the documents contain sensitive information. The same goes for photocopier hard drives.
As a business owner you’re going to have enough on your plate with the upcoming GDPR legislation kicking in. Allowing employee life admin tasks to be undertaken on company networks is going to raise even further problems because as soon as personal data is entered and stored on a company system, the company becomes immediately responsible for the security of that data.
Jas Sura, Security team lead at Altodigital says, ‘Although it may seem like simply ordering a new outfit for the weekend and quickly transferring some money to a friend is a quick and easy task, it may introduce problems further down the line. Site login and bank details may be stored automatically onto your device, meaning that if other staff members have access to it, or you leave your laptop unlocked while you are away from your desk, it could be a confidentiality disaster waiting to happen.
‘The explosion in growth of cyber hacking, in both capability and frequency, has caught short businesses of all sizes because it is so easy to do at a basic level. Hacking methods are becoming more and more sophisticated at times capable of fooling more tech-savvy individuals.
‘Our recent research revealed that 18% of UK SMEs have been hacked in the last 12 months, with sophisticated email phishing the most common form of hacking. As technology progresses, it’s really important that businesses make steps towards improving their business security – whether that be regularly changing passwords to be more secure, using encryption, having a managed firewall, or making regular backups!’
Take Advice, Set Policies
Businesses really should be taking serious steps to ensure the security of their data, and consideration towards the allowance of personal admin really must factor. Consult with your IT security consultants and legal advisers and put a policy in place so that you are protected.