By: Craig Badrick on March 29th, 2017
4 Ways Employees Enable CyberSecurity Hacks and How To Prevent It
Network Security | Cybersecurity
Although you may have heard this all before, hackers are more innovative now, than ever. It’s time for a refresher.
As you are well aware, your company has a lot of information and communication flowing from person to person, within and outside the organization. This flow keeps your company running, and it’s an integral part of the relationship between your business and your clients.
So what would happen if that exchange was suddenly severed, or if the sensitive data being transmitted was compromised in some way? Today, these security risks are all too real -- and they could cost your organization significantly. Unfortunately, the problem may be caused by your own employees.
Security should be a primary concern for you, as the livelihood of your entire company depends on it. If you’re the IT professional responsible for keeping the business network secure, get this article to your leadership team today. It is imperative for company leaders to fully understand how employees can pose serious security risks to the organization at large, inviting harmful threats onto the network. Here are some of the most common ways your people may be weakening your security efforts and putting the business in harm’s way right now.
4 Ways Employees Enable CyberSecurity Hacks and How To Prevent It
1. Clicking or Opening Email Links
It’s safe to assume that not everyone understands the dangers of clicking on email links. After all, the threat is not a new concept for personal or professional users. There has been so much news and information covering the topic that it should be common knowledge, right? Not necessarily.
The truth is email and phishing scams become more advanced and innovative by the day. Hackers devise trickier and more deceptive ways to lure employees into clicking on links that will foster a security breach. And let’s face it, your people are probably receiving copious amounts of emails every hour, so stopping to think about the security ramifications of a single click may not be top of mind for them as they wade through the mass of communication.
Still, it should be. The only way to make that happen is to educate them properly and instill a strong sense of security awareness. They must understand the latest phishing threats that can bait them into linking to a fraudulent website for stealing sensitive or valuable information. They must also be aware of email links that launch malware or computer viruses. Once an employee’s computer or email server is infected, the infection can spread to the entire network -- a security nightmare you don’t want to risk.
The National Cyber Security Alliance advises businesses to educate employees so they “know not to open suspicious links in email, tweets, posts, online ads, messages or attachments -- even if they know the source. Employees should also be instructed about your company's spam filters and how to use them to prevent unwanted, harmful email.” An effective, ongoing effort to promote security awareness at all levels of the organization is absolutely vital to ensuring that employees don’t become your greatest risk.
2. Visiting Unsecure Sites
Do your employees know how to discern a secure site from an unsecure one? Just like with email, hackers have developed malicious ways to make a person think they are on a legitimate site when they’re not. And the consequences are just as detrimental. If one of your employees visits an unsecure site -- whether for business or personal reasons -- they could be opening up their computer and the organization’s network to serious vulnerabilities.
This reality extends to applications. If an employee tries to download an inconspicuous application from a site they don’t realize is unsecure, they could actually end up running spyware or other harmful software on the network. This gives the hacker a prime opportunity to steal valuable data or hold it ransom for a hefty fee.
Every user in your company must be equipped with the knowledge to understand how these threats can impact the business at large (and, by extension, their own job). They should be apprised of the ways to be alert to these threats and why it’s so critical not to bypass any security protocols put in place to protect the network from these types of attacks. Without this kind of mindfulness from each employee -- from the intern pool to the C-suite -- you’re leaving great security vulnerabilities in the hands of uninformed workers.
3. Using Weak or Faulty Passwords
There are a number of ways a single employee password can go wrong, and once it’s hacked, your entire network may be at stake. Some of the worst mistakes made by employees include reusing personal passwords for business applications, failing to update passwords regularly, using overly simplistic or easy-to-guess combinations and sharing passwords with other employees.
Be sure to train your people in this very important area of security. A password is a gateway to some or all of your business’s most critical assets, and a breach has the potential to result in devastating outcomes for the company. Here are a few of the most basic guidelines that employees should be following when it comes to password protection:
- Passwords should contain at least 12 characters, comprising numbers, upper and lowercase letters and special characters.
- They should be easily remembered but not easily guessed.
- Reminders should be set up to update passwords frequently, such as every 90 days.
- The passwords users select should not be repeated for any other business or personal account.
- Two-factor authentication should be employed whenever possible.
4. Incorrectly Sharing and Storing Information
Whatever your policies and procedures are for sharing and storing files and information, it’s possible that some employees are using workarounds that they feel help them perform their jobs faster and with less headaches. But these types of do-it-yourself solutions are highly susceptible to security threats, if for no other reason than the fact that they are not being monitored by your IT team.
Say, for instance, that an employee decides to use a consumer file-sharing application because they find it simple to understand and quick to navigate. These benefits may be real, but the security vulnerabilities an application like this can bring to your company files and information are immense. That’s not even mentioning the legal ramifications that can occur if an employee’s information sharing and storage habits conflict with compliance regulations designed to protect consumer data.
Again, education and awareness are key. Unless every employee understands how the incorrect handling of sensitive company files and information can lead to serious security consequences, you’ll always be at a higher risk of data breaches and network attacks. There’s no reason why this should be the reality at your organization. Prioritize security awareness today, and take the necessary steps to educate your employees so they don’t turn into your biggest risk.
Take advantage of the opportunity to have a TTI expert come to your office and host a free discussion on the latest in cybersecurity protection. Schedule your roundtable discussion today, and learn how to be smarter about your business’s security.