Friday, August 31, 2007

Your Employees' Bad Computer Security Habits

- Borrowing Wi-Fi
About one in three corporate employees who work from a laptop sometimes piggyback on a stranger's Wi-Fi connection that they spot with their wireless Internet card, according to InsightExpress' study. While that allows for easy telecommuting without a broadband bill, moving confidential data across an insecure wireless connection can be risky.

- Using USB Drives
Those little USB key chains make for easy file transfers, but when they store sensitive information, they also pose a security risk. Not only are they frequently lost, but they're also built to run certain programs automatically when plugged in. One security researcher, Steve Stasiukonis, planted 20 USB drives in the parking lot of a bank, each with a piece of software that steals passwords and log-ins from employees' computers and sends them to a third party. Fifteen were picked up by employees and plugged in, siphoning off sensitive information and demonstrating the devices' potential for exploitation.

- Forwarding to Third-party Webmail
Services like Gmail or Yahoo! Mail are free, universally accessible and often easier to use than clunky corporate e-mail, tempting workers to forward their work messages to a Webmail account. But when confidential data is copied from your business's e-mail servers and ends up on Google's or Yahoo!'s, it's no longer completely in your control.

- Opening E-mail Attachments
Opening attached files in e-mail from strangers is one risky behavior that seems to have finally become unfashionable. Ninety-three percent of workers now know better than to expose themselves to malware or viruses by opening files from anonymous or unfamiliar messages. But some not-so-brilliant users actually infect themselves on purpose out of curiosity, says David Perry, director of education at Trend Micro.

- Clicking Hyperlinks in E-mails
Just as employees have started wising up to attachment threats, cyber-criminals have moved on. More common now is malware that installs itself when the user visits a Web page linked in a spam e-mail. Those links can be masked to read as legitimate sites like eBay.com or Amazon.com while sending users somewhere far less desirable.

- Surfing Shady Sites
Allowing employees to visit porn or gambling sites at work is a bad idea for several apparent reasons. But one of the less obvious is the threat of Web-based malware, which often lurks on disreputable sites.

- Not Securing Wireless Devices
As smart phones proliferate, the definition of the word "computer" is blurring at the edges, and so is the security perimeter of a business with wireless employees. Many wireless devices don't come with security software or encryption of data pre-installed.
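
The link masking described under "Clicking Hyperlinks in E-mails" comes down to an anchor whose visible text names one site while its href points at another. As an added example (not part of the original post), this Python check flags that mismatch in an HTML message body; the sample markup and the example.net/example.org hosts are constructed, and comparing only the last two host labels is a simplifying assumption.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Hostname-looking token in visible link text, e.g. "www.ebay.com".
HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

def base(host):
    """Crude registrable domain: last two labels (assumption, no public-suffix list)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

class LinkAudit(HTMLParser):
    """Collects (visible text, real host) for anchors whose text names another site."""
    def __init__(self):
        super().__init__()
        self.href = None      # href of the anchor currently open, if any
        self.text = []        # visible text collected inside that anchor
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href = dict(attrs).get("href") or ""
            self.text = []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        shown = "".join(self.text).strip()
        target = urlsplit(self.href).hostname or ""   # empty for mailto:, relative links
        claimed = HOST_RE.search(shown)
        if claimed and target and base(claimed.group(1)) != base(target):
            self.findings.append((shown, target))
        self.href = None

def masked_links(html):
    audit = LinkAudit()
    audit.feed(html)
    audit.close()
    return audit.findings

# Constructed sample body: two masked links and one honest link.
SAMPLE = """
<p>Your account: <a href="http://login.example.net/signin">www.ebay.com</a></p>
<p>Orders: <a href="https://www.amazon.com/orders">Amazon.com</a></p>
<p><a href="http://ebay.com.account-check.example.org/">http://ebay.com/verify</a></p>
"""
```

The third link shows why the comparison uses the end of the hostname: a brand name placed as a leading subdomain does not change where the link actually goes.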