
3 Ways Employees Can Compromise Your Cyber Security

Your employees can compromise your cyber security unintentionally and therefore place your business at risk. Your company could lose money, suffer downtime, and even damage its reputation. We will reveal 3 ways they can compromise your security measures, and how you can prevent it.

Poor passwords

We are forever signing up to new things and creating new accounts where we are required to produce new and safe passwords. But it is not always easy. Having strong passwords is very important. According to Google, 4 out of 10 people have had their passwords compromised in 2019. Many people tend to reuse the same password, which puts it at risk of being ‘pwned’ and exposes their employer to threats. Your employees must be trained in how to set strong and safe passwords. Cyber-attacks can cost large businesses millions of pounds and small businesses thousands of pounds. Ensuring your employees are properly trained is a must, so that your company lowers its risk of suffering a cyber-attack.

How to prevent it

We recommend making strong passwords that would be very difficult to crack; see below.

Do:

✔ Always use a mix of numbers and symbols

✔ Make your password at least 12 characters

✔ Always use a mix of uppercase and lowercase characters

Don’t:

✘ Use real words

✘ Reuse passwords

✘ Share your passwords

✘ Use personal information

Cambridge Support has an in-depth blog regarding this topic. Check out our 5 essential rules for creating strong passwords. Your employees can compromise your cyber security by not employing such password practices. Therefore, we suggest all your employees are trained in how to make strong and safe passwords.

Weak access policies

Allowing all employees access to every piece of data in your business is a big mistake. Each employee should only have access to the data that is relevant to their role. If your company has no restrictions regarding this, we suggest you start placing access policies throughout the company. But you may be asking how can this free access lead to a cyber-attack?

Let us explain. Suppose a folder on a server containing sensitive data is accessed by an employee still finding their way around the file system. If they open a file in it, that file will be cached to their personal device. This provides a hacker with sensitive data they can steal. The employee could also accidentally attach it to an email by selecting the wrong file, or even accidentally delete it. Not everyone in each company is tech savvy and some may need training on basic practices. Therefore, restricting what files users can access is a worthwhile task and could protect your company from cyber-attacks.

How to prevent it

The best way would be to ensure that your system administrator or IT support provider creates and enforces a strict access policy. They should also make certain folders inaccessible by default until the employee gains access from the admin or IT support provider. If your company requires help on granting and restricting access to files and folders to your employees, please contact us and we would be very happy to help.

Phishing attacks

Phishing attacks will exploit your employees and steal your company’s data. These attacks will interact with your employees in various ways such as through email, phone calls, and software. However, when these attacks interact with your company, they do so like wolves in sheep’s clothing. If your employees don’t know how to spot these attacks, this is how they can compromise your cyber security.

How to prevent it

As employees can be the weak point in any cyber security measure, they need to be trained. For example, the company may receive a phishing email, and the employees need to know how to spot it. The email may look like it has originated from a colleague, but upon inspection of their email address, you will find it is not. Scammers may also impersonate large companies. An email that appears to be from ‘@amazon.com’ could be from ‘@arnazon.com’: the ‘m’ was replaced with an ‘rn’. Therefore, employees need to be trained to be vigilant and proceed with caution when opening email. To learn more on this topic, see our blog post on how to spot a phishing email.
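
The sender check described above can also be automated. The following is an added example, not part of the original article: it flags sender domains that collapse to a trusted domain once look-alike character sequences such as ‘rn’ are normalised. The trusted-domain list, the confusables table and the sample headers are constructed assumptions.

```python
from email.utils import parseaddr
from typing import Optional, Tuple

# Assumption: domains this organisation genuinely receives mail from.
TRUSTED_DOMAINS = {"amazon.com", "example-corp.co.uk"}

# Constructed, non-exhaustive table of sequences that read as another letter.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("cl", "d"), ("0", "o"), ("1", "l")]


def skeleton(domain: str) -> str:
    """Collapse look-alike sequences so visually similar domains compare equal."""
    s = domain.lower()
    for fake, real in CONFUSABLES:
        s = s.replace(fake, real)
    return s


# Trusted domains are normalised the same way, so the comparison is symmetric.
TRUSTED_SKELETONS = {skeleton(d): d for d in TRUSTED_DOMAINS}


def classify_sender(from_header: str) -> Tuple[str, Optional[str]]:
    """Return (verdict, impersonated_domain) for a From: header value."""
    _, address = parseaddr(from_header)
    if "@" not in address:
        return ("unparseable", None)
    domain = address.rpartition("@")[2].lower().rstrip(".")
    if domain in TRUSTED_DOMAINS:
        return ("trusted", None)
    target = TRUSTED_SKELETONS.get(skeleton(domain))
    if target is not None:
        return ("lookalike", target)  # differs from, but reads like, a trusted domain
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample headers, not taken from real mail.
    samples = [
        '"Amazon Orders" <orders@arnazon.com>',
        "billing@amazon.com",
        "Jo from Finance <jo@examp1e-corp.co.uk>",
        "newsletter@unrelated.org",
    ]
    for header in samples:
        print(header, "->", classify_sender(header))
```

A ‘trusted’ verdict only means the domain string matches; it says nothing about whether the header was forged, which SPF, DKIM and DMARC checks address.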

As a business owner or director, we hope this article has opened your eyes to the damaging effects of cyber-attacks and how your employees can compromise your cyber security. However, with training and the right IT support provider, you can better protect your business from malicious actors.