Your staff is instrumental when it comes to protecting your organization from cyber threats. But they can also become targets for hackers and cybercriminals, and they might not know it. Here are three ways your staff may be at risk of endangering your business and themselves — and what you can do about it.
1. Not Using Strong Passwords. This is one of the worst IT security habits out there. It’s too easy to use simple passwords, to reuse the same password over and over again, or to use one password for everything. Or, worse yet, all of the above.
Cybercriminals love it when people make these common mistakes with their passwords. If the same password is used over and over, and that password is stolen in a data breach (unbeknownst to you), it becomes easy for cybercriminals to access virtually any app or account tied to that password. No hacking is needed!
To avoid this, we recommend using strong passwords, or pass-phrases, and not reusing passwords. This may sound tedious and challenging, especially since we rely on passwords for so many services, but when it comes to the IT security of your business, it’s essential. That’s why we urge people to use password managers such as LastPass or 1Password. Password managers make it easy to create new passwords and manage them across all apps and accounts.
2. Not Using Secure Connections. This is especially relevant with so many people working remotely. You can find WiFi virtually everywhere, and it makes connecting to the Internet very easy. A little too easy. When you can connect to an unverified network at the click of a button, it should raise eyebrows.
And unless your staff are using organization-issued hardware, you have no idea what their endpoint security situation is. The best policy is to educate staff so that they do not connect to unsecured networks (like public WiFi), especially with work computers.
We also recommend that organizations have endpoint security installed on every device that connects to the organization’s network: malware protection, antivirus, anti-spyware, anti-ransomware, firewalls, you name it! It is a best practice to put as many layers of protection between your organization’s interests and the outside digital world as possible.
3. Lack of Awareness of Current Threats. How educated are your staff about today’s cyber security threats? If you don’t know, or you know the answer isn’t a good one, we recommend making a change. One of the biggest threats to your organization is staff who don’t know what a phishing email looks like or don’t understand the importance of verification.
If an employee opens an email they shouldn’t or clicks a “bad” link, it can compromise your entire organization. You could end up the victim of a data breach. Or a hacker might decide to hold your data hostage until you pay up. Ransomware attacks are regularly in the news – and hackers are relentless. They will use your own staff against you if given the chance.
The best protection is to get your team trained and educated about the current threat landscape. Check out some of our free resources for training staff:
Education is a powerful tool and, when used right, it can protect your business and your employees. Working with a managed service provider or partnering with an IT services firm is an excellent way to accomplish this and avoid everything we’ve talked about in this article.