In today’s digitally connected world, your team has the unprecedented ability to quickly get the tools and information they need to streamline their work. But with all of that accessibility comes new risks to your cybersecurity. Malicious individuals are eager to gain access to the confidential information housed in your company’s networks — and your employees can be an all-too-easy target.
Case in point: research from Stanford University and Tessian reveals that 88 percent of business data breaches are caused by employee mistakes.
Without sound cybersecurity training, your employees are likely going to continue making mistakes that have the potential to compromise your data — and your clients’. Understanding what they are doing wrong and setting things right is essential.
1. They’re falling for phishing emails
Phishing scams are perhaps the most widely known example of how employees can compromise your network. These occur when an employee receives what seems to be a legitimate email asking them to click on a link or to provide certain information.
Unfortunately, simply clicking on a link could be enough to bring malware into your network. Employees must receive training to understand what these emails look like so they can send them to the spam folder where they belong.
As Steven Price notes in a blog post for Tech Rockstars, “The challenge is that phishing emails have gotten harder to spot. Scammers can spoof legitimate web addresses. They can make fake emails look like the real deal. But there are still plenty of minor details that indicate the e-mail is a fake. […] Training helps employees identify red flags.”
Continues Price, “But more than that, it helps them identify changing red flags. For instance, a phishing email from 2010 looks nothing like a phishing email from 2020. Scammers stay ahead of the curve. They know the trends, and they know how to adapt. Your employees also need to know the trends and need to be ready to adapt.”
2. They’re doing work activities on an unsecured network
The rise of remote work has certainly benefitted employees and businesses by offering increased flexibility and reduced overhead. Unfortunately, the networks they use to access the internet may not be as secure as what you have in place in your office.
When an employee uses an unsecured wi-fi network (such as at a coffee shop or airport), hackers can easily intercept login information and other sensitive data that is transmitted via this connection. This includes emails, instant messages, bank account data — anything that the employee accesses while using this network.
Businesses must ensure that their own networks are fully secured, and provide strict instructions to employees regarding which networks they connect to for their work-related activities.
3. They’re using outdated software
Most companies use a broad range of cloud computing tools, such as CRM software or logistics tracking. Most also use programs for word processing, accounting and other vital activities. Even for programs that don’t seem to depend too much on the internet, ensuring that all software is fully up to date is crucial for preventing security breaches.
The reason behind many software updates is to address new security vulnerabilities that have been discovered. Failure to update software can leave loopholes that hackers can use to access the information being stored by your business. Similar issues can also result from using outdated hardware. Eventually, the hardware manufacturer will stop pushing updates for old equipment, leaving it vulnerable to security threats.
Ensure that your network administrator is keeping all software up to date. Remember that the cost of replacing old hardware will ultimately be much less than if you were to suffer a data breach.
4. They don’t have good passwords
Easy-to-guess passwords (like “password” or “123456”) are never a good idea — especially if your employees are using the same passwords for their work and private accounts.
As Clifford Colby and Sharon Profis explain in an article for CNET, “It’s worth repeating that reusing passwords across different accounts is a terrible idea. If someone uncovers your reused password for one account, they have the key to every other account you use that password for. The same goes for modifying a root password that changes with the addition of a prefix or suffix. For example, PasswordOne, PasswordTwo (both bad for multiple reasons). By picking a unique password for each account, hackers that crack into one account can’t use it to get access to all the rest.”
Strong passwords use a mix of upper and lower case letters, numbers and special symbols. They should avoid using common words or phrases, as well as personal information that someone else might know.
A random combination of characters can be quite effective, even though your employee might need to write it down somewhere safe to remember it. Requiring strong passwords for business accounts and implementing two-factor authentication will help prevent easy breaches.
Are you helping your employees stay safe online?
Surveys indicate that 43 percent of workers don’t receive regular cybersecurity training — and an additional eight percent have never been trained. This poses a major risk to your business, especially as phishing and other cybersecurity threats are becoming more prevalent and more sophisticated.
By ensuring that your employees know what to do — and what not to do — online, you can have greater confidence that their actions aren’t putting your business at risk.