As long as there are cybercriminals, there will always be cybercrime. And no matter how sophisticated security systems get, there is no way to protect your company completely from cybercriminal activity.
However, that doesn’t mean cybercrime can’t be avoided or minimised, at the very least. There are countless cybersecurity tactics that allow companies to protect themselves from the consequences of cybercrime, such as security breaches, data loss, and network micro-segmentation. But no matter how many security measures you put in place and how much money you invest in cybersecurity, there’s always going to one factor that can put your efforts to waste–and that is employee habits.
Your employees are the biggest threat to your cybersecurity. Bad employee habits can increase your company’s vulnerability to cyberattacks, which can easily lead to disastrous consequences. A single click on a malicious link or connecting to public Wi-Fi can already be enough to put your company’s security at risk–what more if your employees accidentally lose a device or fall for a social engineering scam?
To protect your company against cybersecurity risks, here are the bad employee habits that you need to kick:
Writing passwords down
Some employees write their log-in credentials on a piece of paper so that they won’t forget. Some even put their details on a sticky note to be directly placed on their monitor. What use is having passwords then?
When those details fall into the wrong hands, you could face a major cybersecurity risk. A cybercriminal can easily gain access to your network using those log-in details and wreak havoc on your system within minutes. Worst of all–you probably won’t even see it coming since they can gain access to the system as a normal employee would.
Clicking links carelessly
Scam e-mails and websites have continued to evolve over the years, and nowadays, it can be quite tricky to spot a scam even if it’s staring you right in the face. Employees are busy throughout the day that sometimes, they may not even notice a malicious link until it’s too late. And alas–you have a malware-infected computer and a cybersecurity risk to deal with.
To combat this type of behaviour, remind employees to:
- Be wary of e-mails asking for personal information
- Check for the SSL certificate when visiting websites
- Always validate the sender’s e-mail address
- Don’t click on any attachments from a suspicious e-mail
- Contact the supposed sender when in doubt
Using social media on work devices
When employees use their work devices to go on social media, they can put a company’s cybersecurity at risk, even when they are outside work hours. So if you let your employees access their social media profiles on work devices, it may be time to set a rule against that.
However, you can’t control employees’ desire to go on their Facebook or check their Instagram feeds. As an overall security measure, consider blocking social media sites on the office network. Only allow social media access on the work devices of the marketing team and other people who need to use the company’s social media profiles.
Transferring documents via USB stick
We’re way past the point of relying on USB sticks to transfer data from device to device. Not only is this method a bit inconvenient, but it’s also highly risky since USB sticks can carry viruses and transfer them like the plague.
Instruct employees to transfer data over a secure network using file-sharing apps or the cloud. This method is far more convenient and faster than using USB sticks, not to mention much more secure. If they absolutely have to use USB sticks or any other type of data storage hardware, tell them to scan the device on their computer before using it.
Being careless with work devices
Employees tend to be as careful with their business equipment as they are with their personal devices. After all, they most likely have to pay if they lose their work laptop or phone. However, not all employees are careful with work devices, and in the case of loss or theft, your company’s cybersecurity is put at risk. When that device falls in the hands of a cybercriminal, they can hack into the company’s network using the work device and gain access to sensitive information, make changes to the network, and disable employee accounts, among other wicked activities.
While it’s not always going to be the employee’s fault if a device is stolen, you can minimize the risk by putting tracking devices on work equipment and only allowing employees to take them out of the office when they really need to.
Protecting your cybersecurity relies heavily on your employees. Thus, kicking these bad habits can increase your company’s cybersecurity by tenfold and minimize, if not eliminate, the risk of a cyberattack.
