When drawing up your cyber security plan, it’s easy to focus on external threats. Hackers and malware are dangerous and need to be targeted, but they might not be your biggest cyber threat. Unfortunately, that distinction belongs to your employees.
Here are four reasons your employees might be your biggest cyber threat, and how you can help them be more secure:
Falling for Phishing Attempts
Phishing emails are a popular way for scammers to try to gain access to your valuable systems and accounts. They’re a social engineering tactic that tries to create fear or intrigue in the recipient in order to have them take a particular action.
Many attempts are poorly written and obvious, but a recent study found that 80% of participants were unable to detect a phishing email at least once in seven tries. This is because phishers are becoming more sophisticated, taking the time to obtain personal and organizational information in an effort to appear trustworthy. This information is easily obtained, since it’s readily available on your company website and the social media pages of your employees.
Engaging in Unsafe Browsing
Even the most productive employees take a break once in a while, and that usually means browsing the Internet a bit. Unfortunately, that leaves your business susceptible to malvertising, the use of malicious code in advertisements to infect computers and networks without the user’s knowledge.
The reason malvertising is so dangerous is that it can occur anywhere, even on websites that users know and implicitly trust, like YouTube. Symantec estimates that over 70% of legitimate websites contain an exploitable vulnerability and one in eight contain a critical one.
The problem is that these enormous websites don’t inspect every single advertisement. In fact, they usually outsource the handling of their ads. If one or two bad ads slip through, it can mean disaster for your business, even if your employees are browsing approved, safe websites.
Downloading Untrusted Files
Whenever an employee downloads a file onto a work computer, they’re exposing your company to a certain amount of risk. Trojans are never obvious – they’re disguised as ordinary, innocuous files. Once downloaded and installed, however, they’re a huge problem. They’re notoriously difficult to get rid of and not easy to spot in the first place. A Trojan can quietly run in the background for years without ever being detected by your security applications.
Trojans can be disguised as any file and come from any source. Employees should be especially careful when opening email attachments. Often, email accounts will be hacked and infected, sending out Trojans to everyone in their contact lists. Even a file from a trusted client could be an issue if their email account has been compromised.
Failing to Protect Passwords
Passwords are vital in protecting your business against cyber threats. You need to make sure that passwords are complex enough to deter common hackers from guessing or engineering them. Passwords must be changed often to minimize the damage unauthorized users can do if they do gain access to another person’s account.
Employees are responsible for more than just creating and changing passwords, however. They’re also responsible for protecting them. Many users jot passwords down on a sticky note or put them in a Word document on their desktop. When passwords are kept in places like that, it’s easy for them to fall into the wrong hands, making the passwords pointless in the first place.
What You Can Do About It: Tips For Preventing Cyber Breaches
The most important thing you can do to protect your business interests is to educate and train your employees. Threats are constantly evolving, so your employees need to be ready to adapt. Provide ongoing practical training that includes information about new threats and hands-on exercises to test their phishing awareness. Throughout these training sessions, reinforce the proper response protocol for when an employee believes they could have been compromised.
If you’re looking to improve your organization’s cyber security, make sure to reach out to us here at Envision Consulting. We can help you create a cyber security plan, then train and educate your employees on it. Your organization will have the tools it needs to protect you from cyber threats and the ability to recover quickly from any mistakes your employees make.