Risky Business: 8 Mistakes To Avoid
Cybersecurity and user awareness training has become an essential part of keeping organizations protected from today’s sophisticated phishing and malware attacks. Cybercriminals prey on human error and use trickery to infiltrate a company’s network and launch any number of attacks including data exfiltration, ransomware and financial theft. Often times, an organization’s best cyber defense strategy can be unraveled by careless user mistakes or risky behavior that leads to such breaches.
The following is a list of eight common mistakes your users may be committing, putting the organization at risk. If any of these look familiar it may be time to consider user awareness training to modify these risky behaviors.
1. Sharing passwords: Whether users intentionally share passwords with colleagues, friends and family or just leave them on sticky notes by their computers, the effect is essentially the same: an unauthorized person can use the password to get into the network.
2. Using weak or default passwords: Users often don’t bother to change default passwords—whether on websites, applications, machines or Wi-Fi routers—which creates vulnerabilities. Or they use easy-to-guess names or dates because they’re simpler to remember.
3. Opening suspicious emails: Even when users suspect an email is bad, many will still click on an attachment or a URL, possibly unleashing a virus or ransomware in your network.
4. Sharing personal information: As with #3, users often act against their own instincts, providing information such as bank account numbers, credit card information and Social Security numbers when requested by an email or a website reached through a suspicious link.
5. Turning off security controls: Be it a firewall, antivirus solution or pop-up blocker, turning off any security tool poses a serious and immediate risk. Yet users sometimes do this because they view these tools as an inconvenience or waste of time.
6. Leaving machines unattended: Leaving laptops on and unlocked and then walking away is a big no-no, but users are guilty of this, both in the office and in public places such as coffee shops.
7. Using social media carelessly: Social media-related risks abound, from revealing too much information to sharing employer dirty laundry to clicking malware-infected links.
8. Improperly sharing files: Users that transfer files from work to personal machines, either by email or using USB sticks, could be flirting with malware infections—and they may be violating applicable data privacy laws.
Every day, new cyber threats seem to pop up. Keeping up with them all is no easy task for SMBs, but you simply cannot ignore them because doing so puts your business at risk. Avoiding risk takes a combination of technology, well-crafted policies and user education.
For more information on understanding cyber risks and how to protect your organization, click here for our newest guide, SMB’s Under Attack. If you follow the advice put forth to secure your business, you will minimize your chances of falling victim to a cyberattack.