Recent corporate hacking cases (Sony, anyone?) have dominated the headlines and shown that employees are often at the heart of corporate security threats. In the motion picture company’s case, hackers accessed private emails, executive salary details and employee Social Security numbers, among other sensitive information.

87568944_5f212d7d9e_b-450x300While the case represents a worst-case cyber attack scenario, it’s a wakeup call for companies of all varieties to shore up security concerns — starting with employees. Forrester research finds that mistakes by internal employees, not malicious external hackers, caused the most data breaches among survey respondents.

When security breaches put customer data at risk, companies not only face lawsuits and costly downtime, but they lose goodwill and future business. Health care organizations alone lose $5.6 billion per year from data breaches, according to the Ponemon Institute.

It’s important for field service organizations, which increasingly rely on mobile and cloud-based technologies, to help employees understand security vulnerabilities — and effective defenses against them. Here are five tips:

  • Take passwords seriously: More than half of cloud users at a typical company recycle passwords for multiple applications, making it easier for hackers to access highly sensitive apps with credentials from lower priority ones. Make sure techs understand the importance of secure passwords.
  • Beware email attachments: Remember the Target data breach that exposed credit card and personal data on more than 110 million consumers? It occurred after an HVAC employee that did business with Target opened a malware-laced email. Be sure employees know what to look for when it comes to suspicious email.
  • Keep contractors in compliance: The Target case brings us to another point: Only 32 percent of companies require third-parties to comply with their policies. Businesses that hire contractors and vendors should ensure these outside entities understand and adhere to security policies.
  • Plan for device loss: In the UK alone, 10 million devices with sensitive company were lost or stolen in the past year. It’s not a matter of if; but rather when. Whether your company uses device encryption or remote wiping, make sure there’s a plan in place for techs leave a phone behind at the job site.
  • Practice what you preach: Eighty-seven percent of senior managers send work files to their personal emails or cloud accounts, according to research. That means they could be circumventing corporate VPNs and ignoring file transfer policies. Executives must prioritize security to set an example for the employees they manage.

As data breaches become the new norm, businesses should make customer information security. If not, they’re leaving their finances, reputations and legal standing on the line.