The 5 Habits That Make Your Employees Highly Hackable
16 November 2017 00:00
Bad habits are hard to kick. This is especially the case when bad habits enter the workplace, as businesses are learning from the rise in employee-related breaches.
There's no shortage of damning statistics focusing on the current state of cyber security. But amongst all the noise and clutter, there are some findings that stick out and cause you to really take notice.
One of those is the fact that 93% of employees have admitted to engaging in at least one form of poor data security. If you take into account that 97% of employees have access to some form of sensitive or confidential information, then perhaps "playing with fire" is an understatement.
Here, we dig into some of the most common bad habits that many end users (including your employees/colleagues) fall into on a frequent basis...
#1 They share their login credentials
We’ve all been guilty of placing convenience over security at times. But maybe we’re also guilty of not really understanding what kind of risks can surface when taking the easier route.
You’ve most likely overseen or been involved in a scenario where a colleague has needed to quickly access certain information. The problem is, most end users don’t give a second thought to cutting corners and sharing their credentials, and many employers are guilty of failing to bat an eyelid. But where time and efficiency gain, so too does the risk of a data breach.
Take this survey by Intermedia as an example. Nearly 50 percent of office workers have admitted to sharing their credentials. While this survey might not hold true for all workplaces, it certainly manages to highlight a worrying trend.
#2 They choose terrible passwords
A lot gets made of whether passwords are actually that useful these days. With facial and fingerprint recognition making their way onto our devices, traditional passwords are slowly being seen as a thing of the past. But right now, they’re still being used -- and in a terrible way.
After all, the most common passwords used in 2016 were “password” and “123456”. These ultra-simplistic passcodes aren’t due to a lack of creativity; instead, it all boils down (again) to convenience and a lack of understanding of the importance of password security.
#3 They’re mixing business with pleasure
Employees use their own technology in the workplace now more than ever. Bring-your-own-device (BYOD) is a perfect example of how the less secure personal devices of end users are unwittingly encouraging the threat of a hack. But perhaps an equally sized risk doesn’t get the attention it deserves - the threat of cloud computing.
An employee might upload work files to a personal file-sharing application for working remotely, but this brings about some high risks. Take Google Drive and Dropbox for example - these hugely popular services lack security protocols or audit and compliance features and were ultimately designed for consumer convenience.
#4 They install apps without consulting IT
Being glued to a workstation for nearly eight hours a day can lead employees to mistakenly see their work computers as personal devices. This ultimately leads to a persistent issue in today’s businesses, known as “Shadow IT”. Essentially, this is where employees begin to download unauthorised applications onto their computers.
Of course, their intentions are most likely completely harmless. But, with cyber criminals coming up with crafty points of attack all the time, the threat of installing malware or other security threats onto the company network is rife.
#5 They don’t show any care with emails
Perhaps the “they don’t show any care” remark is a tad unfair, mainly due to the fact that many employees aren’t actually aware of the risks associated with emails. From socially engineering staff to outright mass phishing, employees are targeted by fraudulent emails every single day.
Yet there are still a high number of businesses that don’t effectively educate their end users on the risks of phishing. All the while, the bad habits of opening, clicking and replying to emails are leading more and more businesses to be compromised.
How to kick these bad habits out of your employees (not literally)
The role of IT no longer focuses solely on acting as the “technology gatekeeper”. Now, IT professionals are expected to advise the business. So it’s important to make sure that employees are aware that they mustn't download unauthorised applications, and that IT offer alternatives to poorly-secured apps. But, word-of-mouth tends not to stick.
This is what makes continuous security awareness and education a key focus that today’s businesses cannot afford to avoid.
Educate employees on the basics of email security and why it is important. Raising awareness of what these emails look like, warning signs, and how to report them is an effective start. Try simulating a phishing attack on your users to find out what level they’re currently at.
It’s also important to reinforce these messages. Try educating your end users with security-focused eLearn modules, and the odd poster wouldn’t go amiss either (we’ve also got some of those you can have for free -- don’t say we don’t treat you).