Why weak personal security is a risk to business

Many businesses are becoming better protected in the IT sphere, argues Emma Woods, but the lax personal security of employees can still pose a risk.

We’ve all become quite used to the idea of enterprise security. In business environments, there are often well-defined procedures and protocols for using IT and most companies understand the potential risks.

But what about our personal security? We’re often less careful outside the work environment and many of us have a large digital footprint.

Email is a particular concern. If you think about it, your email address is a linchpin for pretty much everything else you do online. It’s the primary building block for most authentication. If you need to reset a password, where does the link get sent?

Many of us can get quite lax over password protection too. We’re asked to remember so much information for so many different online contexts, we end up going for the easy option and repeating the same letter/number combination.

Perhaps in a business, you’re encouraged to change your password every 30 days. But when did you last change it with your home ISP? In some cases, it can be five, ten or even fifteen years ago. So if there’s one thing you definitely do as a result of reading this short article, my plea would be that you go and change that personal password. Don’t put it off until next week or next month, as it’s way too easy to forget.

If someone manages to get into your personal email, it can easily help them to gain access to other services too. A door is thrown wide open. And this can have a knock-on effect on the enterprise environment too, as personal email addresses may feature in multi-factor authentication.

Another issue is that people may not even know their personal email has been compromised and, if they do find out, they lack the expertise or resources to sort things out.

One very useful free site is https://haveibeenpwned.com/. You simply type in your email address and it will tell you whether that address appears in any known data breaches, with a description of each. At least then, you’re aware and in a position to take some action.

As a business owner or manager, it may be worth talking to your staff about the potential issues that arise with private security online. After all, there’s no point in investing in your own security when it can be undermined by the personal email accounts of your employees.