How Employees Can Get You Hacked
Breaches are becoming increasingly common as cybercriminals continue to advance their skills and tactics to trick their victims into falling for their scams. While cybercriminals are remaining diligent in their efforts to carry out their attacks, organizations continue to underspend on cybersecurity. An article on Entrepreneur looked at things your employees are doing that put your organization at risk.
The 2016 State of SMB Cybersecurity Report revealed that half (14 million) of the 28 million small businesses in the U.S. had been hacked by cybercriminals, but why? According to a CNBC survey of 2,000 small-business owners, small businesses are not spending enough on cybersecurity.
With human-error being the most common reason for a cyber intrusion, employee security training is crucial to ensuring employees know how to spot a hacking attempt.
Since it is possible to reduce your odds of getting hacked through employee security training, it’s important to understand what employees are doing that will get you hacked. Below are 5 of the most common mistakes:
What are employees doing that can get you hacked?
- Being lazy: Employees often feel that it’s not their job to worry about security, or that IT is responsible for “that kind of stuff”. Organizations often lack IT resources, especially equipped to handle cybersecurity threats like ransomware. Employees should be aware that they are a target for cybercriminals and that it’s their job to help stop them from carrying out a successful attack.
- Unprotected Computer Access: An unattended computer or laptop is vulnerable to unauthorized access. Employers often have 2-step verification available to them but have either chosen not to add it to their services or allow employees not to engage it if they have subscribed to it, allowing someone easier access if they have credentials. Once someone is in, they have free range to access any data that may be stored, such a personally identifiable information (PII), credit card data, and additional log-in credentials. 2-step verification is simple to enable in most situations. After 2-step verification is enabled, a code will be texted to the employees’ phone or an app will initiate an action making it so that someone would have an extremely difficult, if not impossible, time accessing that computer.
- Clicking on fake emails: According to the cybersecurity company PhishMe, 91% of cyberattacks begin with a spear phishing email. In these phishing emails, hackers design the email to look authenticate so the employee thinks it is coming from the real source it’s claiming to be. These phishing emails may appear to come from credible company’s customer support departments, such as Microsoft or Google or could even appear to come from you (their boss). In many cases, once an employee falls for a phishing scam, their computers/mobile devices become infected with ransomware.
- Lousy passwords: SplashData reported that the most common password in use today is 123456. Not only is this a very weak password to begin with, but people are often reusing their easy to crack password across multiple sites and accounts, as well as sharing them with co-workers. Other common employee mistakes when it comes to passwords include physical protections, such as writing them on a sticky note and leaving that on their computer or under their keyboard. Employees may also be typing their password without paying attention to wandering eyes that may be watching them. While complex passwords are commonly suggested and used, according to NIST, the best recommended password is a ‘longer is stronger’ passphrase.
- No backup: There’s a good possibility that at least one employee in your company isn’t backing up the data he or she is supposed to be, which is a major problem. Not only is there a risk of files being lost due to technical issues, there is also danger in losing those files to a cybercriminal. During a ransomware attack, a cybercriminal locks the user out of their account and denies them access to their files unless a ransom is paid. Even after the ransom is paid, there is no guarantee that the files will be returned to the user, making backup files crucial.
Although these employee mistakes can lead to major issues for your organization, it’s not too late to protect yourself and your operation! Training your employees on security is vital and a great way to ensure they know what to lookout for to help prevent a hacker from carrying out a successful attack on your business. In addition to security awareness training, it is beneficial to share these 5 common mistakes with your employees to bring them to their attention and help them understand the risks they may be presenting.
GO Concepts is dedicated to working with the Development Disabilities community throughout Ohio to help them best protect their network and private data. Our commitment to County Boards of DD and the agencies and independent providers that work with them, insures your organization will have a professional information technology team that is highly experienced in your specific needs and ready to serve them, whether working with your existing IT staff or as your IT Department.
For help better securing your information, contact the team at GO Concepts.