Let's face it, even the most security-aware employees will have a lapse every now and then. Or maybe your company security policy isn't all it can be, and your employees are doing the minimum because they don't know or don't have the inclination to practice safer security measures.
Take e-mail, for example. E-mail is still the communication nerve center for most businesses, yet, other than awareness of spam and viruses sent as attachments, e-mail security is often put on the back burner. Tech Republic pointed out five ways to keep e-mail safe and more secure, such as using BCC when sending an e-mail to multiple people or using a private e-mail account for confidential missives. Then there is the tip that might be most important, as more e-mail is kept on mobile devices: saving mail in a safe place. As the blog by Chad Perrin stated:
No amount of encryption for sent emails will protect your privacy effectively if, after receiving and decrypting an email, you then store it in plain text on a machine to which other people have access. Webmail providers don't do as good a job of ensuring stored email privacy as we might like. Many users' personal computers are not exactly set up with security in mind, as in the case of someone whose Windows home directory is set up as a CIFS share with a weak password.
Companies, too, can become complacent about security, especially if they depend on an outside company. As PCWorld.com reported, companies that use Infrastructure-as-a-Service (IaaS) tend to worry less about security. A Yankee Group study that looked at enterprise use of IaaS found:
Companies that have already started using IaaS ranked five other issues as more important than security. Those issues include regulatory compliance, challenges of migrating existing data and employee resistance.
Both articles are good reminders that we've always got to be on top of our own security efforts. Depending on someone else to make sure we are staying safe leaves both the company and the employee open to risks.