Even if you’ve already deployed a state-of-the-art firewall, antivirus software, and every other element of a modern security stack, your defenses can still be compromised at any moment. No technical control fully protects data and systems from the actions of the people who use them. Users are widely considered the weakest link in the cybersecurity chain, and commonly cited estimates attribute as many as 90 percent of data breaches to human error.
Think of it like driving a car. You can purchase a top-of-the-line model with the most modern security features, like a collision avoidance system and surveillance systems. And you can make sure it has the most comprehensive insurance to cover you in case anything happens. But none of it provides protection against drivers who simply don’t know what they’re doing or who are driving recklessly. This is where measures like driver’s education courses come into play.
The good news is that when it comes to your technology, there’s a point where you don’t have to keep investing in more and more security tools. But you do need to keep up with user training (just like Driver’s Ed).
Here’s why.
1. Poor Password Management Practices
Passwords are the keys to your car. Despite their critical importance, employees often treat them as if they were public property, leaving them in plain sight, sharing them with just about anyone who asks, and not even bothering to make them remotely hard to guess.
No wonder, then, that weak and reused passwords are among the most common causes of data breaches. One widely cited 2019 survey attributed about 30 percent of ransomware infections to them, and the problem isn’t fixing itself.
How to address poor password management practices?
Addressing poor password management practices is all about getting the basics right and ensuring that employees won’t revert back to their old habits. Here are several best practices all employees should follow:
- Use long, randomly generated passwords or passphrases. A password generator is the easiest way to get them: a random 16-character string or a five-word passphrase drawn from a large word list has far more entropy than anything a person would invent, and it is entropy, not unmemorability, that defeats guessing and cracking.
- Store all passwords in a secure manner, preferably using a password manager which works in conjunction with the password generator mentioned above.
- Use a different password for each website, service, and application.
- Enable multi-factor authentication (MFA) wherever it is offered. Two-factor authentication (2FA) is the most common form of it; prefer authenticator apps or hardware security keys over SMS codes, which can be intercepted or redirected by SIM swapping.
- Avoid sharing passwords with coworkers, let alone outsiders.
Policies like these are easy to write but only work if they are enforced technically, through a password-manager rollout, minimum-length rules, breached-password screening, and mandatory MFA, rather than by memo. That enforcement step is where many organizations fail, so make sure yours isn’t one of them.
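As an added example, not code from the original article, here is how a password generator and policy check put the list above into practice: it generates Diceware-style passphrases and random strings with a cryptographic RNG, computes how much entropy each carries, and rejects candidates that are too short, appear in a breach corpus, or are reused from another service. The 16-word list and the four "breached" passwords are constructed stand-ins; a real deployment would use a large word list such as the EFF long list and query the Pwned Passwords range API by SHA-1 prefix.

```python
import hashlib
import math
import secrets
import string

# Constructed 16-word list for the demonstration only (assumption). A real generator
# uses a large list such as the EFF long list (7776 words, about 12.9 bits per word).
WORDLIST = [
    "anchor", "basil", "copper", "dragon", "ember", "falcon", "garnet", "harbor",
    "island", "juniper", "kestrel", "lantern", "marble", "nebula", "orchid", "pepper",
]


def sha1_hex(password: str) -> str:
    """SHA-1 of the password, the form in which breach corpora such as HIBP are distributed."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


# Constructed stand-in for a breach corpus (assumption). Only hashes are kept; in
# production you would query the Pwned Passwords range API by 5-character prefix.
KNOWN_BREACHED = {sha1_hex(p) for p in ["password", "Password1!", "Welcome2024", "qwerty123"]}


def passphrase_entropy_bits(n_words: int, wordlist_size: int) -> float:
    """Bits of entropy in n_words picked uniformly at random from wordlist_size words."""
    return n_words * math.log2(wordlist_size)


def random_string_entropy_bits(length: int, alphabet_size: int) -> float:
    """Bits of entropy in `length` characters drawn uniformly from an alphabet."""
    return length * math.log2(alphabet_size)


def generate_passphrase(n_words: int = 5, wordlist=WORDLIST, sep: str = "-") -> str:
    """Diceware-style passphrase; secrets (a CSPRNG), never random, for credentials."""
    return sep.join(secrets.choice(wordlist) for _ in range(n_words))


def generate_password(length: int = 20) -> str:
    """Random string over the 94 printable ASCII characters, for a password manager to store."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


def password_policy_check(password: str, min_length: int = 14, used_hashes=frozenset()) -> list:
    """Return the policy failures for a candidate; an empty list means it is acceptable.

    Deliberately no composition rules (must contain a digit, a symbol, ...): length,
    absence from breach data and no reuse are what actually resist guessing.
    used_hashes holds SHA-1 digests of passwords already in use elsewhere.
    """
    failures = []
    if len(password) < min_length:
        failures.append(f"shorter than {min_length} characters")
    digest = sha1_hex(password)
    if digest in KNOWN_BREACHED:
        failures.append("appears in a known breach corpus")
    if digest in used_hashes:
        failures.append("reused from another site or service")
    return failures


if __name__ == "__main__":
    print("passphrase:", generate_passphrase(), passphrase_entropy_bits(5, 7776), "bits with a 7776-word list")
    print("password:  ", generate_password(), random_string_entropy_bits(20, 94), "bits")
    print("Password1! ->", password_policy_check("Password1!"))
```

Note the scale: four words from a 7776-word list give about 51.7 bits, five give 64.6, and a 20-character random string gives about 131 bits. Storing the generated value in a password manager is what makes a per-site unique credential practical.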
2. Unsafe Web Browsing Habits
The web is a vast place and not all employees know how to navigate it safely. All it takes to end up in one of the web’s many dark alleys is a few careless clicks, and the consequences for the entire organization can be severe.
The danger multiplies when employees can download and run arbitrary files from the internet, or worse, hold local administrator rights and can install whatever they like on their work computers. A single compromised website or trojanized installer can then drop malware that spreads across the whole network and gives cybercriminals access to sensitive data. Removing local administrator rights from everyday accounts is one of the cheapest controls available here.
How to address unsafe web browsing habits?
It would be simple to solve the problem by blocking web access entirely, but the web is an indispensable resource; nearly every role would be far less productive without it. Since blocking everything isn’t an option, use web filtering to block the usual suspects, such as torrent sites, adult video streaming sites, and online gaming portals, along with known-malicious domains.
Still, no block list catches every dangerous site, and it shouldn’t have to. Your odds improve when employees understand that they should stay off sites unrelated to their work, and when they are trained to recognize suspicious links in email and avoid clicking them.
3. Failing to Identify Phishing Scams
Discovering an unpatched vulnerability in a software application and exploiting it to gain higher privileges takes time and expert-level skill that many cybercriminals don’t have.
Spoofing a sender address and using social engineering to extract credentials, payments, or data from an unsuspecting employee is cheap and easy, which is why phishing continues to be behind so many data breaches.
How to help employees identify phishing scams?
One widely cited estimate puts phishing at 1 in every 99 emails, so it’s only a matter of time before your employees meet one. To help them spot it, invest in ongoing cybersecurity awareness training that includes simulated phishing campaigns, and give staff a one-click way to report suspicious messages so the security team sees real attacks early.
Since most phishing arrives by email, it also helps to give people a second channel for confirming anything sensitive. A request to change bank details or reset a password should be verified by calling the requester on a known number (for example over your VoIP system) or by messaging them on a real-time platform such as Microsoft Teams, never by replying to the email. Those platforms carry their own phishing risk, so the point is independent verification over a channel the attacker doesn’t control, not simply a different inbox.
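As an added example that is not from the original article, the following script checks a raw email for the tells that awareness training teaches people to look for, covering the suspicious-link advice in section 2 as well as this section: a display name that claims a brand but comes from an unrelated domain, a sending or link domain that is a homoglyph or typo of a trusted one, a Reply-To that redirects answers elsewhere, and link text that shows one site while the href goes to another. The trusted-domain set, the homoglyph table and the two sample messages are constructed for the demonstration, and registrable() assumes two-label domains rather than consulting a public-suffix list.

```python
import re
from email import message_from_string, policy
from urllib.parse import urlparse

# Constructed set of domains this organisation trusts (assumption; adapt to your own).
TRUSTED_DOMAINS = {"example.com", "microsoft.com", "paypal.com"}
BRANDS = {d.split(".")[0] for d in TRUSTED_DOMAINS}

# Characters attackers swap for look-alikes; folded before comparison so paypa1 == paypal.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "@": "a"})


def fold(s: str) -> str:
    return s.lower().translate(HOMOGLYPHS).replace("rn", "m").replace("vv", "w")


def registrable(host: str) -> str:
    """Last two labels of a host name (assumption: no public-suffix list; fine for .com-style names)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch typo-squats such as paypal.co or micosoft.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(host: str):
    """Return the trusted domain this host imitates, or None if it is trusted or unrelated."""
    base = registrable(host)
    if base in TRUSTED_DOMAINS:
        return None
    folded = fold(base)
    for trusted in TRUSTED_DOMAINS:
        if levenshtein(folded, trusted) <= 2 or trusted.split(".")[0] in folded:
            return trusted
    return None


def host_of(text: str):
    """Host named by a link's visible text, if the text looks like a URL or bare host name."""
    text = text.strip()
    if re.match(r"https?://", text, re.I):
        return urlparse(text).hostname
    if re.fullmatch(r"[\w.-]+\.[a-z]{2,}(/\S*)?", text, re.I):
        return text.split("/")[0]
    return None


def analyze_email(raw: str) -> list:
    """Return (indicator, detail) pairs for the phishing tells found in a raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    sender = msg["From"].addresses[0]
    from_domain = sender.domain.lower()

    # 1. Display name claims a brand, but the sending domain is not that brand's domain.
    if any(b in sender.display_name.lower() for b in BRANDS) and registrable(from_domain) not in TRUSTED_DOMAINS:
        findings.append(("display_name_mismatch", f"'{sender.display_name}' sent from {from_domain}"))

    # 2. Sending domain is a homoglyph or typo of a trusted domain.
    target = lookalike_of(from_domain)
    if target:
        findings.append(("sender_lookalike", f"{from_domain} imitates {target}"))

    # 3. Replies are routed somewhere other than the sending domain.
    reply_to = msg["Reply-To"]
    if reply_to is not None and reply_to.addresses:
        reply_domain = reply_to.addresses[0].domain.lower()
        if registrable(reply_domain) != registrable(from_domain):
            findings.append(("reply_to_mismatch", f"Reply-To {reply_domain} differs from From {from_domain}"))

    # 4. Link text shows one site while the href goes to another, or to a look-alike.
    body = "" if msg.is_multipart() else msg.get_content()
    for href, text in re.findall(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', body, re.I | re.S):
        href_host = urlparse(href).hostname or ""
        shown = host_of(re.sub(r"<[^>]+>", "", text))
        if shown and registrable(shown) != registrable(href_host):
            findings.append(("link_text_mismatch", f"text shows {shown}, link goes to {href_host}"))
        target = lookalike_of(href_host)
        if target:
            findings.append(("link_lookalike", f"{href_host} imitates {target}"))
    return findings


# Constructed sample messages (not real mail) for the demonstration.
PHISHING_SAMPLE = """\
From: PayPal Security <alerts@paypa1-secure.com>
Reply-To: recover@mail-verify.net
To: jane@example.com
Subject: Action required: your account will be suspended
Content-Type: text/html; charset="utf-8"

<p>Your account is limited. Sign in within 24 hours to restore access:</p>
<a href="http://paypa1-secure.com/login">https://www.paypal.com/signin</a>
"""

LEGIT_SAMPLE = """\
From: IT Helpdesk <helpdesk@example.com>
To: jane@example.com
Subject: Scheduled VPN maintenance
Content-Type: text/html; charset="utf-8"

<p>The VPN is down Saturday 02:00-04:00. Details: <a href="https://intranet.example.com/maint">https://intranet.example.com/maint</a></p>
"""

if __name__ == "__main__":
    for name, detail in analyze_email(PHISHING_SAMPLE):
        print(f"{name}: {detail}")
    print("legitimate message findings:", analyze_email(LEGIT_SAMPLE))
```

A mail gateway applies checks like these automatically; the value of training is getting people to do the same by eye, in particular hovering over a link to compare the real destination with the text, and treating any brand name that arrives from an unfamiliar domain as a reason to verify out of band rather than click.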
How to Employ All of These Protective Measures
Your employees are your greatest asset, but they can also be your biggest cybersecurity weakness. The strategies in this article can go a long way in increasing your employees’ ability to spot and avoid dangerous cyber threats, but there’s nothing as effective as creating a series of security policies and a clearly defined training program.
Help Desk Cavalry offers a complete, advanced cybersecurity stack that you can augment with human-focused preventative services, like regular phishing email training. And we can architect, implement, and maintain a structured security policy that covers all possible vulnerability points. Just let us know how we can help you.