ePrivacy and GPDR Cookie Consent by Cookie Consent

The main risk of companies' IT security is employees. How can you protect yourself?

As part of their job tasks, employees have direct access to sensitive company data. Therefore, they pose a significant security risk - whether due to their intentional actions or inattention. The damage caused can reach millions of values. However, by introducing preventive measures, companies can significantly reduce possible damages.

In practice, it is confirmed that the absence of rules for access to corporate data on corporate servers (or in the cloud) is the first, fundamental security risk. Depending on the nature of their position in the company, each employee should have access rights set only to the data they really need for their work. With a large number of users, this can be a more time-consuming activity, but in the long run, the protection of the company's most valuable assets is absolutely essential. A reasonable risk strategy can be adopted using the Internet or (especially professional) social networks. In order for the rules to make sense and be functional in real life, it is important to start directly with the employees - through ongoing training with practical examples. For example, it is no exception that employees share sensitive company data (budgets, contact lists, contracts, etc.) through public services such as Ulož.to.

The bigger the company, the more there are employees of different personalities with different stories. It is therefore essential that the human resources department examines the employee at least in a basic way before hiring. Frightening examples from real practice where companies have not done so include the arrival of an employee for a foreign ID card or, for example, the admission of a person who was responsible for fraud, which was even mentioned extensively on the Internet.

Of course, when an employee leaves the company, it is ideal if the farewell takes place in a good spirit. Unfortunately, this is far from always the case. When companies break up with their employees in a bad way, they very often forget about the basic rules of safety. A list of processes that must always be followed when each employee leaves will help to comply with them and ensure the protection of important data quickly. It is necessary to monitor the return of access chips, corporate payment cards and SIM cards as well as the revocation of access rights and other steps, such as the regulation of GDPR. It is also good to have a list of necessary security steps for new employees.


Is it worth it?