Despite the importance of humans in cybersecurity, many companies still consider them a weak link. While employees can be incredibly aware of attacks, they are also often the ones who make the biggest mistakes.
The rise of bring-your-own-device (BYOD) has resulted in more employees using their personal devices to access sensitive information. While it’s easier for your company to control assigned devices and audit how employees use them, personal devices can be incredibly vulnerable.
According to a report released by Verizon, 79 percent of organizations consider their employees’ phones and computers to be significant threats. The report also noted that some of the most common risky behaviors employees perform when using their devices are visiting questionable websites and downloading apps.
Many employees rely on public Wi-Fi hotspots to send and receive work emails. While this can help boost employee productivity, it can also expose the company to cybersecurity risks. Among these is the potential for cybercriminals to steal files, eavesdrop on conversations, and distribute malware.
A watering hole attack involves intentionally compromising websites that an organization’s employees visit regularly.
Criminals often look for ways to compromise popular websites so that they can distribute malware, intercept communications, or steal data. Employees should always be careful when visiting sites that don’t display a padlock.
Workers need to be especially careful when downloading applications or files. Doing so can expose them to additional risks, such as introducing new vulnerabilities that attackers can take advantage of. Open-source software is vulnerable due to its popularity and because developers typically don’t prioritize cybersecurity.
Despite the importance of strong passwords, many employees still fail to practice proper hygiene when securing their passwords. There are various reasons, such as having too many accounts to manage or simple laziness. Sometimes, employers encourage poor password practices by asking their employees to share their credentials.
Many employees still fall for phishing emails. These attacks are widespread and can expose an organization to various risks. If employees can’t recognize phishing messages, they may provide their personal information to fraudsters.
Dark Data Collecting
Dark data is data that businesses collect and then forget. It can include various details such as meeting minutes and old emails. It can be dangerous when it falls into the wrong hands.
Unfortunately, some employee practices can also contribute to the issues that prevent businesses from adequately managing and securing dark data.
What to do?
To minimize the risks associated with employee activities, an organization must have a strong security culture. This can be done through regular education programs that provide employees with the necessary information to protect their data.
Having the necessary resources to monitor and respond to incidents is also essential. The right technology and people can help prevent costly errors. A 24-hour managed response service can help boost an organization’s security efforts.