For better or worse, employees are the first (and sometimes final) safeguard against digital incursion – and hackers know it. Cybercriminals are a sneaky bunch. More often than not, they will exploit your company’s weak spots rather than launch a full-scale assault against your security solutions. And what is your weakest link? Sadly, research shows that employee negligence is one of the leading causes of data breaches.
It’s no wonder that phishing scams, Trojan downloads and social engineering scams are often aimed at employees. These simple hacker tricks not only lead to infected devices and leaked emails, they can also expose enormous amounts of data on your customers (just ask Yahoo or Dropbox). Below are a few of the simplest steps employees can take to prevent advanced security attacks from crippling their organizations.
Urge Users to Create Better Passwords
This tip appears in nearly every cybersecurity guide, but not enough people follow it. All too often, employees create weak passwords and reuse them for multiple sites and services, which means hackers can decode your login information with an automated brute-force attack and then shop your password around to unlock as many sites as possible.
How would you fare? Would a hacker be able to access your work email, your social media pages, your bank account? Consider using stronger and different passphrases for all your accounts. If you have trouble keeping these in order, try using a password manager.
Don’t Get Lazy, Update Your Software
Nothing is more annoying than software notifications disrupting your workflow to ask you to update your programs. You hit ‘remind me tomorrow’ but you are really saying ‘leave me alone!’ Why are they so persistent?
As it turns out, software updates are vital to the health of your company. Software developers regularly release security updates and patches to close security gaps in their programs, and the hacker community is keenly aware of these gaps. If you want to prevent advanced security attacks, update your programs regularly or turn on automatic updates.
Bring Shadow IT Out of the Dark
Your company probably provides a list of approved programs for your employees including chat services, box services and more. Still, your employees likely have their own favorite products and services. Maybe it’s just easier to chat over an open source platform or store files in an unapproved cloud. But who knows if these programs are trustworthy? Even if they are, it is nearly impossible for IT departments to manage and secure these rogue platforms from cyberattack.
This is what is known as Shadow IT, and it’s a big problem for companies everywhere. While it’s nearly impossible to stop your employees from using Shadow IT, at least urge them to disclose any unapproved programs to IT for better security and monitoring.
Shy Away from Public Wi-Fi
More and more offices adopt ‘work from home’ and ‘bring your own device’ policies to reduce operating costs, boost productivity and improve employee satisfaction. And it’s working! Turns out nearly 45 percent of employees regularly telecommute.
What’s troubling, however, is that more than 60 percent of web users think public internet is safe to use! Far from it: hackers often deploy ‘honeypot’ and ‘man in the middle’ attacks to fool users into joining bogus Wi-Fi hotspots or to pilfer crucial data transfers to and from your business. Yikes!
Educate your employees about the risk of public Wi-Fi and encourage them to use a virtual private network (VPN) or personal hotspot when surfing the web in public, and even then, to use caution.
Develop A Contingency Plan
Cyberattacks happen. No way around it. If you want to prevent advanced security attacks, it’s best to work with a reputable cybersecurity provider who can manage your defenses when you can’t. If an attack does breach your network, they can help reduce the damage, sniff out secondary attacks and get your business back on track.
Remember to develop a contingency plan. What happens after a hacker compromises your system? How do you quarantine the incident? How should it be reported? How should it be remedied? These are questions you want to ask before an incident, not after.
While there are numerous cybersecurity checklists online, it’s important to remember that protecting your business from hackers is a process rather than a one-and-done deal. By educating your employees about the risk of cybercrime, you can turn your weakest links into your army of advocates.