Are your employees a threat to your cyber security?
Unintentionally, many employees introduce malicious software into work systems that can attack and expose confidential information. According to a recent survey from security firm RiskIQ, over half of employees in the UK that use personal devices for work also use the same devices to download or stream material from pirate sites. These sites normally provide unauthorised videos, movies, television shows or software and can contain malware (malicious programmes such as computer viruses) which can ultimately infect and compromise work data.
While IT professionals within companies will have their own guidelines on how best to manage the technical side of things, prevention is always better than cure. What could employers and HR be doing to mitigate these risks?
1. Ban the use of personal devices
Is a ban on “BYOD” (bring your own device) to work realistic? Unless your employees work with classified data, such a ban is likely to be hugely unpopular. Many employees may elect to check their emails on a personal device from home. However, this can be prevented through denying server access to these devices or enforcing the policies mentioned below.
2. Ensure employment policies are appropriate and up-to-date
- Data protection accountability.
- Prohibitions on certain electronic communications including harassing, discriminating against and bullying other employees
- IT security including securing the physical device.
- Prohibited Internet usage.
- Prohibitions on downloads.
3. Live and breathe those policies
How can we help?
- Draft or update your online security policies;
- Ensure you comply with the Information Commissioner’s codes of practice; and
- Prepare and conduct communications geared toward employees.
If you have any questions, or to discuss how we can help you, speak to a member of our employment team on +44(0)203 051 5711 or email us.
Content is for general information purposes only. The information provided is not intended to be comprehensive and it does not constitute or contain legal or other advice. If you require assistance in relation to any issue please seek specific advice relevant to your particular circumstances. In particular, no responsibility shall be accepted by the authors or by Abbiss Cadres LLP for any losses occasioned by reliance on any content appearing on or accessible from this article. For further legal information click here.
Circular 230 disclosure
To ensure compliance with requirements imposed by the IRS and other taxing authorities, we inform you that any tax advice contained in this article (including any attachments) is not intended or written to be used, and cannot be used, for the purpose of (i) avoiding penalties that may be imposed on any taxpayer or (ii) promoting, marketing or recommending to another party any transaction or matter addressed herein.