Although you probably take your online security and privacy seriously when you’re at home, there’s a good chance you take a more blasé attitude when you’re at work.
Most people expect to be safe when they’re at their workstation in the office. You simply assume your IT team is sufficiently competent to keep you and your data secure. Sadly, that’s not the case. Even if you’re lucky enough to have the best IT team in the country supporting you, you can still be at risk.
What are the five biggest threats facing your privacy and security in the workplace? Let’s take a look.
1. Outdated Software
You probably don’t have any control over what software is running on your employer’s network. Sadly, that software can have grave security implications.
It’s especially true if you have to use software that’s outdated or unsupported by the developer, or if you’re running an operating system that’s showing its age.
Redundant software is rife in companies around the world. Sometimes, there’s a good reason for its ongoing use: perhaps it provides access to legacy data. However, that’s not always the case.
The "if it ain't broke, don't fix it" mentality almost guarantees software will become abandonware, nightmare legacy code
— arclight (@arclight) April 21, 2017
For example, did you know research suggests a staggering 52 percent of companies in the United States are still running at least one instance of Windows XP in 2017, despite Microsoft ending support for the 16-year-old operating system in 2014? These days, it’s riddled with security flaws and vulnerabilities — essentially exposing you to what experts have termed “zero-days forever” risks.
There’s a knock-on effect of using old operating systems: modern apps will not be able to run on them. Thus, you will have to use older versions of software that in turn have their own risks and vulnerabilities.
Want to know why businesses are using old operating systems? Normally, it boils down to cost. In 2016, the Australian Queensland Health Organization had to spend $25.3 million to migrate from Windows XP to Windows 7. And that’s not considering the opportunity cost of the inevitable downtime.
2. You’re Under Surveillance
Even if you’re fortunate and your company invests heavily in IT infrastructure, you’re still at risk from your IT department “spying” on you.
The spying can come in many forms. They’ll be able to see the contents of any emails you send from your company email address, how long you spend on social media and other “time-wasting” websites, and view your entire browser history.
Ten years ago, this caught me out as a graduate fresh out of college in my first corporate job. After a couple of years, I was growing frustrated and looking for a new challenge. I spent a few weeks browsing job boards and applying for new roles, only to be called into my boss’s office and fired for gross misconduct. The IT team had gone as far as to prepare a dossier on my online activities which my manager wafted in front of my face.
Don’t make the same mistakes as me: only use your employer’s internet and email system for company-related activities.
3. Data Protection
Your company has an enormous amount of your personal data on record. Your name, age, address, contact details, next of kin, bank details, health plans, social security number, and countless other details are tucked away in some vague-sounding “employee file.”
Except, this isn’t 1983. Your file is no longer a physical box gathering dust at the back of a cupboard. Instead, it’s all stored electronically on network-connected HR systems.
The risks here are obvious. Unless you actually work in the IT department, you have no way of knowing what checks and balances are in place to keep your data safe. If a hacker breaches your employer’s systems, they could steal it all in the blink of an eye.
It doesn’t matter whether you work for an SME or a multinational corporation. Smaller businesses are, on average, less likely to spend large amounts of cash on robust security, while big businesses are a lucrative target for cyber-criminals and thus garner more of their attention.
4. User Accounts
Who has access to an administrator user account in your office? Most people have no idea. And even if you know, are you happy trusting them implicitly with access to your data?
Remember, administrators can change security settings, install software, add additional users, access all files saved on the network, and even upgrade other users’ account types to admin status.
Even if you’re confident that the genuine system admins are trustworthy, what happens when someone’s account has been accidentally granted excessive privileges? If you work in a company with thousands of employees, are you sure that every single one of their user accounts has been correctly configured with the right access levels?
It only takes one rogue employee to cause a huge security breach.
5. Mobile Devices
Does your company offer a BYOD (“Bring Your Own Device”) working environment? In theory, it sounds like a great idea: you get to use your favored machines and operating systems, and it can often lead to higher levels of productivity.
But what are the trade-offs? You’ll almost certainly have signed away a huge slice of privacy for the benefit. In many cases, you might not even be aware — did you closely read your contract’s small print?
Such policies are heavily geared towards your employer’s interests. You’ll usually have given them a right to access and monitor your device.
But what exactly can businesses see? Contrary to some popular misconceptions, they won’t be able to see your photos and other similar content. However, if you’re on a company’s internal Wi-Fi, they will have access to all the data flowing in and out of the device because it’ll be going through the company’s own servers. For many, this is a much more frightening prospect than your boss seeing a snap of you on a beach.
Even if you’re not connected to a company’s Wi-Fi, you’re still not safe. Your employer will have permanent access to lots of data and information. When it comes to personal phones or tablets in BYOD schemes, this includes your wireless carrier, phone manufacturer, model number, operating system version, battery level, phone number, storage use, corporate email, and corporate data.
They’ll also be able to see your location. If you’re thinking of faking a sick day to go to Disney World, think again. Or at least, leave your phone at home.
What Should You Do?
As you’ve been reading through my five points, you might be thinking that many of the issues I’ve raised are beyond the control of a typical employee.
That may be true, but there is one significant change you can make to keep your security and privacy intact: don’t keep any personal data on your employer’s network.
Too many people view their office computer as an extension of their home network. They use their employee email addresses for highly sensitive communications, keep scans of their ID and bank statements on the hard drive, and have family photos on the desktop; the list goes on.
Similarly, if you have an employer-provided smartphone or tablet, refrain from installing apps which need your personal information, such as banking, personal email, or social media. You never know what data your company is logging. If you want to be really extreme, you shouldn’t even make personal phone calls.
Do Security and Privacy in the Office Worry You?
Do the five points I’ve raised in this article set any alarm bells ringing? Are you concerned about your online security while you’re at work?
Or are you on the other side of the coin? Do you trust your employer with all your personal information?
You can let me know your opinions on the debate in the comments section below.