ZR Systems Blog

ZR Systems has been serving the Aiea area since 2006, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

How an End User Might Accidentally Undermine Your Security: 10 Innocent Mistakes

How an End User Might Accidentally Undermine Your Security: 10 Innocent Mistakes

If you’re like every other small business out there, you know that the more employees you hire, the more technology that you have to procure. However, when you have more end-users, you provide more avenues for threats to slip into your network infrastructure unnoticed. When all it takes is one simple mistake from a single end-user, how can you minimize the chances of falling victim to an untimely hacking attack?


We’ve put together ten honest mistakes that any end-user can make, and how they can be prevented.

  • Clicking on malicious links: With so much information on the Internet, it’s easy for an employee to search through countless pages without any regard to the sites and links that they’re clicking on. You need to emphasize the importance of safe browsing, including double-checking the destination of a link before clicking on it. You can do so by hovering over the link and looking in the bottom-left corner of your browser.
  • Using weak passwords: Employees frequently use passwords that aren’t strong enough to keep hackers out. Often times, they’ll simply use something of personal significance, like the name of their pet or a specific date. This isn’t the right way to approach password security. Instead, users should attempt to put together passwords that are private, randomized strings of numbers, letters, and symbols.
  • Ignoring mobile security: Even if your company has the latest and greatest security solutions installed on its desktops, you should also be thinking of your mobile devices, like smartphones and tablets. It’s arguably more important that your mobile devices have solid security solutions implemented on them, as they are often on the road, connecting to potentially dangerous hotspots. You need to make sure that security is a top priority in your Bring Your Own Device (BYOD) policy.
  • Accessing sensitive data through unsecured connections: If your employees are using the local café’s free wireless Internet to get some work done on their lunch break, it could be a dangerous gambit. Public Wi-Fi hotspots are notorious for being cesspools of online threats. Implementing a virtual private network (VPN) can be a handy investment that can encrypt data while it’s in transit, mitigating this risk somewhat.
  • Losing unencrypted devices: It’s not unheard of for an employee to use company devices in public places. If they accidentally leave their smartphone on the bus, or their tablet on a park bench, there’s always the risk that it can be stolen. Unless you practice proper encryption protocol, any information available on the device can be accessed by the person who finds it, be it a good samaritan or a tech-savvy thief.
  • Implementing unapproved solutions: Some employees simply prefer to use solutions that aren’t provided by the company to get their work done. The problem here is that the employee is moving forward without consulting IT about it, and that your data is being used in a solution that you can’t control. Plus, if the employee is using free or open-source software, these often come bundled with unwanted malware that can put your data in even greater peril.
  • Targeted business email scams: Phishing and spear-phishing attacks are growing more common. One example of this is an HR employee checking their inbox to find what looks like a job application or employment inquiry. All of the right information is there and nothing appears out of the ordinary; that is, until a malicious link contained within it starts to download malware or other nasty threats to your infrastructure. Other types of phishing attacks will ask end-users to confirm personally identifiable information or sensitive account credentials. Educating your team on how best to identify phony email messages is imperative to keeping your network secure.
  • Personal email use: It’s one thing to check your personal email account while at work, but another entirely to use your personal email account to perform work purposes. As the recent debacle with Hillary Clinton shows, people don’t take kindly to sensitive information being leaked via an unsecured email server that their organization has no control over. Add in the fact that personal email accounts are often not as secure as those in a professional productivity suite, and you have a recipe for disaster. You need to reinforce that your team should keep their work and personal email separate.
  • Leaving workstations unattended: Besides the fact that some tech-savvy employees are practical jokers, it’s a security risk to leave a workstation unlocked and unattended for long periods of time. Imagine if someone from outside of your organization walked into your office and accessed confidential files without authorization; that’s on the employee who got up and left the device unattended. Encourage your employees to always log off of their workstations, or at least lock them, before stepping away from their computer.
  • Using external storage devices: Your organization should only be using IT-provided USB devices and external storage. Otherwise, anyone with a random flash drive can connect it to your network, unleashing a horde of who-knows-what into your infrastructure.

User error is a primary cause for concern among businesses, but it can be mostly avoided by providing your staff with the training required to do their jobs properly. For more information about IT best practices, give us a call at 808.369.1000 .

Continue reading
0 Comments

Alert: How Hackers are Scamming Users With Fake IT Support Hotline

b2ap3_thumbnail_malware_lock_up_400.jpgThere’s a wicked string of malware on the Internet that locks users out of their browser and directs them to call a phone number. That phone number reaches hackers who have set up a subterfuge as an IT support company. If this happens to you, even if you are in the middle of something important, do not call the phone number.

Continue reading
0 Comments

Social Engineering: Not All Hackers Target Technology

b2ap3_thumbnail_social_engineering_risky_400.jpgThe nature of hacking is to take advantage of weak points and exploit them for some kind of profit. This is usually seen in flaws or vulnerabilities found within the code of a program or operating system, but these flaws can be psychological, too. Hackers are increasingly taking advantage of a concept known as “social engineering” to fool users into handing over sensitive information that can be used against them.

Continue reading
0 Comments

Mobile? Grab this Article!

Qr Code

Tag Cloud

Security Tip of the Week Privacy Technology Best Practices Cloud Hosted Solutions Business Computing Microsoft Backup Windows 10 Network Security Hackers Office Business Software Email Workplace Tips Disaster Recovery Computer Upgrade IT Services Hardware Server Business Continuity Malware Windows VoIP Data Efficiency Quick Tips Business Management Mobile Devices Managed IT Services Productivity Save Money Network Outsourced IT Small Business Employer-Employee Relationship Ransomware Cybersecurity Microsoft Office Alert Cloud Computing Passwords Browser Hacking Social Engineering Internet Managed IT Services Remote Computing Operating System communications Miscellaneous Social Media WiFi Mobility Phishing Password Virtualization Productivity Innovation Data recovery Telephone Systems Data Backup Communication Health Office 365 Patch Management Managed Service Provider Collaboration Windows 10 IT Support Facebook User Tips IT Support Gmail Holiday Smartphones Processor Smartphone Cybercrime Artificial Intelligence Best Practice Managed Service Staff Office Tips Data Management Education Law Enforcement Recovery Data Breach IT solutions Marketing Meetings HaaS DDoS Internet Exlporer Tech Support Flexibility BDR Networking Work/Life Balance Bandwidth Risk Management Application Spam Private Cloud Customer Relationship Management Encryption Google USB OneNote Consultant Two Factor Authentication Managed IT Service Memory Android Public Cloud Notifications Shortcut Windows Server 2008 R2 Mobile Computing Black Market Chrome Wi-Fi Evernote Best Available Going Green Settings Managed Services Provider Biometric Security Hybrid Cloud Assessment Avoiding Downtime SharePoint Applications Spam Blocking Troubleshooting Two-factor Authentication Electronic Medical Records Vendor Compliance Television eWaste Retail Hard Drive Windows 8 Computing Infrastructure Business Intelligence Books Workers Government Save Time Servers Entrepreneur Public Computer Environment Data Storage Tablet Telephone System Computing Training Techology Shadow IT Big Data Display Bloatware Worker Commute Cryptocurrency Files Employer Employee Relationship Professional Services Manufacturing Remote Monitoring App Emergency Budget Help Desk Tools Automobile Telecommuting Website Cryptomining User Error Hiring/Firing Cabling Distributed Denial of Service VPN Saving Money Employee/Employer Relationship Remote Work Database End of Support Worker Fax Server Customer Service Cables Legal Current Events Wireless Technology Transportation Infrastructure Tablets Entertainment Identity Theft Social WIndows 7 Internet exploMicrosoft Rootkit Users Excel Mobile Device Bring Your Own Device Computers Virtual Private Network Politics Credit Cards Paperless Office Advertising Vendor Management Phone System Wireless Maintenance IT Infrastructure Network Congestion Lithium-ion battery Keyboard Fraud Mobile Device Management Firewall Remote Workers Hard Drives Social Networking Business Technology Managing Stress SaaS Windows 7 Scalability