If you’re concerned about keeping your employees and company data safe, then there are a few mistakes that you should avoid. These five mistakes can be easily avoided with a little preparation and knowledge, but they do come up more often than they should.
Bad Computer Habits
There are many dangers associated with employees leaving their computer unattended, leaving their computer logged in to a social media or shopping site, and giving out too much information on a public profile. Many employees also fail to properly secure their mobile devices, allowing hackers to take control of the device and steal any valuable data.
Employees may neglect certain precautions because they do not consider themselves a threat or they believe that cybercriminals will target someone else. When it comes to cyber security, all employees must be aware of their actions and how they may compromise data. When you’re an employee of a company, your cyber security is just as important as the cyber security of the company. Your personal laptop should be protected by all the same anti-virus, anti-malware programs as your company laptop.
Carelessly Handling Sensitive Data
Carelessly handling sensitive data by removing files without understanding their importance or what risks they may contain can put your company in jeopardy. Whether it’s data theft or a compliance violation, you could be the reason for an investigation.
To avoid being at fault for compromising sensitive data, it’s crucial to have a plan in place when deleting files that are no longer in use. Employees must understand why they’re deleting specific files and what risks they may contain.
Data leaving the premises, theft of laptops, and mobile devices pose a real risk to organizations. When bringing devices home for use, make sure you have the right safeguards in place—like disk encryption or VPN access—to keep data safe when it’s away from your company network.
Employees must be aware of policies and the repercussions for breaking them. If the company has a mobile device policy, remind employees that this also applies when they bring company-issued mobile devices home for personal use.
An employee’s password, encrypted or not, gives their colleagues the permission to access the account (possibly with restrictions). If this account belongs to a sensitive system such as an internal document management tool or a local file storage, then it is vital that passwords are kept safe and secure.
This sensitive information can also be sent over insecure messengers, such as Yahoo Messenger or Skype. If the device is hacked, then the hacker will have access to all of your accounts. A popular method of hacking involves Trojans which are hidden in downloads or attachments. Once on the device, they start sending passwords to a predefined email address.
Using a social media site such as Facebook or Twitter can give strangers access to plenty of personal information about you and your family, including photos and videos that have been tagged with information about the location where they were taken, making it easier for hackers to know your whereabouts at all times. People who are careless with their passwords or security on social media are also at a higher risk of having their accounts hacked.
Lacking Awareness Of Cybersecurity
An employee can cause a data breach or fall victim to one if they do not take the necessary precautions to protect their devices and themselves from hackers. For example, an employee could access mobile malware by clicking on ads displayed in mobile apps. Or an employee could acquire ransomware through unsecured Wi-Fi, open phishing emails, or fall victim to a social engineering attack.
In fact, 90 percent of data breaches are due to human error — and negligence has been the leading cause over the past two years. In addition, employees have made it easy for hackers by using weak passwords, reusing passwords across multiple sites, leaving computers unlocked while at work or on vacation, downloading/opening unverified files, and failing to update software patches and anti-virus definitions.
According to a report by Verizon, 75 percent of hacking-related breaches involved exploiting weak or stolen passwords within the first hour of an attack. It only took hackers 12 minutes on average for employees to click on phishing emails, and one minute before malware was downloaded.
Social media sites are also one of the biggest threats to an organization’s cyber security; Facebook, Twitter, Instagram, and Pinterest are all very popular ways to share information with others. However, these social media channels can also be used to share malicious links that employees often click on without paying any attention. If an organization sets up a social media policy, then employees will be aware of what they should and should not share with other individuals on these sites. An alternative to this would be to simply block all access to social media channels within the office; this way, employees will not even have the option to click on dangerous links that could lead them to downloading malicious software to their device.
Using Outdated Software
Using outdated software Ignoring software updates on your device could be the quickest way to getting hacked. Hackers look for known vulnerabilities and bugs in software, such as system updates that haven’t been applied to a device (called outdated), and then use those flaws to hack into your device. As an IT person, it is important that you know about all of the devices within your company and make sure their software is maintained and up to date. There are multiple types of software updates, but in general, most have critical security patches or bug fixes. Turn on all automatic update features on your device to make sure you’re notified when the next update is available.
When you’re under pressure to meet work deadlines, it’s easy to underestimate the importance of cyber security. While it can be difficult to juggle your standard workload with adding new security measures, the consequences of not taking the necessary precautions could cause a lot more trouble in the future. Stay tuned in to Bayshore’s Blog for more.