Cyber Security Awareness: 7 Ways Your Employees Make Your Business Vulnerable to Cyber Attacks
Companies collect and store enormous amounts of data. From billing invoices to customers' credit card information, so much of your business focuses on private data.
To succeed, you have to trust employees with this data. But, sometimes, even the most well-intentioned employee can make mistakes that leave your company vulnerable to cyberattacks.
We recently conducted a study to find out just how many businesses fear cyberattacks that stem from employee mistakes. More than half of businesses surveyed believe a lack of knowledge, carelessness or malice on an employee's part could lead to a cyberattack. Additional research shows 84% of cyberattack victims attribute the attack, at least in part, to human error, according to ComputerWeekly.com. So, what kind of employee mistakes leave your company open to cyberattacks? Here's a list of the seven most common employee mistakes and what you can do to fix them.
1. Opening Emails from Unknown People
Email is the preferred form of business communication. The average person receives 235 emails every single day, according to The Radicati Group. With that many emails, it stands to reason that some are scams. Opening an unknown email, or an attachment inside an email, can release a virus that gives cybercriminals a backdoor into your company's digital home.
- Advise employees not to open emails from people they don't know.
- Advise employees to never open unknown attachments or links.
2. Having Weak Login Credentials
Mashable reported that 81% of adults use the same password for everything. Repetitive passwords that use personal information, such as a nickname or street address, are a problem. Cybercriminals have programs that mine public profiles for potential password combinations and plug in possibilities until one hits. They also use dictionary attacks that automatically try different words until they find a match.
- Require employees to use unique passwords
- Add numbers and symbols to a password for increased security. For example, change "Seattle" to "S3att!e."
- Create rules that require employees to create unique, complex passwords of at least 12 characters; and change them if they ever have reason to believe that they have been compromised.
- Take the headache out of this by using a password manager software to automatically generate strong individual passwords for multiple apps, websites and devices.
3. Leaving Passwords on Sticky Notes
Have you ever wandered through the office and spotted a sticky note on a screen with passwords written on it? It happens more often than you think. While you want a certain level of trust inside your organization, leaving passwords visible is too trusting.
- If employees must write down passwords, ask that the paper copies are kept inside locked drawers.
4. Having Access to Everything
In some cases, companies don't compartmentalize data. In other words, everyone from interns to board members can access the same company files. Giving everyone the same access to data increases the number of people who can leak, lose or mishandle information.
- Set up tiered levels of access, giving permission only to those who need it on each level.
- Limit the number of people who can change system configurations.
- Don’t provide employees with admin privileges to their devices unless they really require such set up. Even employees with the admin rights should only use them as needed, not routinely.
- Enforce dual sign-off before payments over a certain amount can be processed to combat CEO fraud.
5. Lacking Effective Employee Training
Research shows the majority of companies do offer cybersecurity training. However, only 25% of business executives believe the training is effective.
· Provide annual cybersecurity awareness training. Topics could include:
- Reasons for and importance of cybersecurity training
- Phishing and online scams
- Locking computers
- Password management
- How to manage mobile devices
- Relevant examples of situations
6. Not Updating Antivirus Software
Your company should deploy antivirus software as a protective measure, but it shouldn't be up to employees to update it. At some companies, employees are prompted to make updates and can decide whether or not the updates take place. Employees likely say no to updates when they're in the middle of a project, since many updates force them to close programs or restart computers.
Antivirus updates are important, should be handled promptly and shouldn't be left to employees.
- Set up all system updates to take place after work hours automatically.
- Don't let any employee, no matter what their title, opt out of this company policy.
7. Using Unsecured Mobile Devices
Do your employees have company cell phones, tablets or laptops? If so, do you have protocol in place to keep these devices secure? Many companies have a lax attitude toward mobile devices, but they present an easy target for cybercriminals.
- Every device should be password protected.
- If a device is lost or stolen, have a point of contact to report this to and steps taken to deactivate the device remotely.
- Use endpoint security solutions to manage mobile devices remotely.
- Don’t conduct confidential transactions using untrusted public Wi-Fi.
Employees are human, and digital accidents can happen. However, if you take certain steps to safeguard devices and train employees, you can prevent cyberthreats.
Of course, managing your company's cybersecurity goes beyond employee education. Protecting a company's digital footprint and managing threats requires the help of a reputable cybersecurity company.
Kaspersky Endpoint Security received three AV-TEST awards for the best performance, protection, and usability for a corporate endpoint security product in 2021. In all tests Kaspersky Endpoint Security showed outstanding performance, protection, and usability for businesses.
Related articles and links:
How to avoid public Wi-Fi security risks
Choosing an antivirus solution
Products and services:
Kaspersky Enterprise Security Training
Kaspersky Enterprise Professional Services