4 Ways Employees Are Cybersecurity Risks (& What to Do About It)
As a business owner, you might find it ridiculous to think your employees would help hackers out. You strive to hire the best people – team members who are good at their jobs and would never dream of putting you at risk.
Yet that’s precisely what they do when they ignore cybersecurity safety guidelines.
Your employees are instrumental in protecting your business from cyber threats. Cybersecurity is not limited to running one program and forgetting it.
Protecting your business is an involved, continuous process.
For example, at ITS – a Managed IT Service Provider (MSP) – we train our staff to recognize common security threats. We also ensure our clients know the best practices to protect their networks.
After all, employees can become targets for hackers and cybercriminals. They might not even know it.
Here are four ways your employees might be endangering your business and themselves — and what you can do about it.
1. They’re Not Practicing Safe And Secure Web Browsing.
One of the most basic Internet rules is to not click on anything that looks suspicious.
These days, however, it can be harder to tell what’s safe and what isn’t.
A good rule of thumb is to avoid websites that do not have “HTTPS” in front of their web address. The “s” tells you the website has an SSL certificate and that your connection to it is encrypted. If all you see is “HTTP” – no “s” – then you should not trust that website with your data, as you don’t know where your data might end up.
Another way to practice safe web browsing is to avoid clicking on ads or to use an ad blocker, such as uBlock Origin (a popular ad blocker for Google Chrome and Mozilla Firefox). Hackers can use ad networks to install malware on a user’s computer and network.
2. They’re Not Using Strong Passwords.
This is one of the worst IT security habits out there.
It’s too easy for employees to use simple passwords, to reuse the same password over and over again, or to use one password for everything. Even though there is a multitude of ways to manage your passwords, sometimes people get lazy.
Cybercriminals love it when people are lazy.
If your common password is stolen in a data breach, it becomes easy for cybercriminals to access virtually any app or account tied to that password. No hacking needed!
They’ll be able to reset the password, access sensitive information, or commit identity theft.
To avoid this, your employees must use strong passwords, change passwords every 60 to 90 days, and not reuse old passwords. It might sound tedious, especially if they rely on multiple passwords, but when it comes to the IT security of your business, it’s worth it.
It’s also easier than ever to improve your password security because of 2FA and password managers. Most major tech companies, such as Microsoft, Apple, and Google, have authenticator apps for Multi-factor Authentication (MFA).
Meanwhile, password managers like 1Password and LastPass make it easy to create new passwords and manage them across all apps and accounts.
3. They’re Not Using Secure Connections.
Everyone who has ever connected to the internet should have a secure connection – even more so for employees who handle sensitive information. If you have remote team members who also handle sensitive data, it becomes doubly important to have them on a secure connection.
But what is a secure network connection?
Ideally, employees should use company-approved networks and then connect via VPN. Or, if you issue company-sponsored hardware, they should stick to using it. This ensures strong endpoint security, such as malware protection, antivirus, anti-spyware, anti-ransomware, and firewalls.
Public networks should be a massive no-no for security-minded businesses.
However, rules are hard to implement in the workforce. You can find WiFi virtually everywhere, and it makes connecting to the internet very easy. A little too easy.
You want to put up as many gates between your business interests and the outside digital world as you can.
4. They’re Not Aware of Current Threats.
You can’t defend against something you’re not aware of (just like you can’t solve anything if you’re in denial).
Security awareness training is a must in 2022’s digital environment.
One of the biggest threats to your business is a workforce that doesn’t know what a phishing email looks like or doesn’t know who to call when something goes wrong on the IT side of things.
If a team member opens an email they shouldn’t or clicks a “bad” link, it can compromise your entire business. You could end up the victim of a data breach. Or a hacker might decide to hold your data hostage until you pay up. This happens every day to businesses worldwide – and hackers are relentless.
They will use your employees against you if given a chance.
Need to Stop Hackers from Targeting Your Employees?
Of course, you don’t want hackers to use your employees against you. But what can you do about it?
Your best move is to get your team trained up and educated about current threats facing your business.
At ITS, we know people are essential for keeping data safe. They’re using the systems and must be one of the first lines of defense against hackers.
To get the most out of training your employees, you need to know the 6 Components of an Effective Cybersecurity Awareness Program. By having strong cybersecurity training, you – and your staff – are on your way to a better-protected company.