FREE IT ASSESSMENTFREE IT ASSESSMENT

Don’t Let Your Employees Become Your Biggest Cybersecurity Vulnerability

Published on
06/02/2021

data_breach_email_phising_malware_protection_cybersecurity_training

A couple of years ago, TechRepublic ran a story with the following headline: “Employees Are Almost As Dangerous To Business As Hackers And Cybercriminals.”

From the perspective of the business, you might think that’s simply inaccurate.

Your company strives to hire the best people it can find – people who are good at their jobs and would never dream of putting their own employer at risk and who follow cybersecurity guidelines properly.

And yet, many employees do, and it’s almost always unintentional.

Your employees aren’t thinking of ways to compromise your network or trying to put malware or ransomware on company computers, but it happens.

One Kaspersky study found that 52% of businesses recognize that their employees are “their biggest weakness in IT security.”

Where does this weakness come from?

It stems from several different things and varies from business to business, but a big chunk of it comes down to employee cybersecurity behavior and lack of cybersecurity training.

Human Error 

We all make mistakes. Unfortunately, some mistakes can have serious consequences.

Here’s an example: an employee receives an e-mail from their boss. The boss wants the employee to buy several gift cards and then send the gift card codes to them as soon as possible. The message may say, “I trust you with this,” and work to build urgency within the employee.

The problem is that it’s fake. A scammer is using an e-mail address similar to what the manager, supervisor, or another company leader might use.

It’s a phishing scam, and it works. While it doesn’t necessarily compromise your cybersecurity internally, it showcases gaps in employee cybersecurity knowledge or the lack of cybersecurity training.

Another common example, also through e-mail, is for cybercriminals to send files or links that install malware on company computers.

The criminals once again disguise the e-mail as a legitimate message from someone within the company, a vendor, a bank, or another company the employee may be familiar with.

It’s that familiarity that can trip up employees.

All criminals have to do is add a sense of urgency, and the employee may click the link without giving more thought.

phishing_cyber_attack_data_breach_cybersecurity_training

One Kaspersky study found that 52% of businesses recognize that their employees are “their biggest weakness in IT security.”

Carelessness

This happens when an employee clicks a link without thinking.

It could be because the employee doesn’t have cybersecurity training to identify fraudulent e-mails or the company might not have a comprehensive IT and cybersecurity policy in place.

Another form of carelessness is unsafe browsing habits.

When employees browse the web, whether it’s for research or anything related to their job or for personal use, they should always do so in the safest way possible.

Tell employees to avoid navigating to “bad” websites and to not click any link they can’t verify (such as ads).

Bad websites are fairly subjective, but one thing any web user should look for is “HTTPS” at the beginning of any web address.

The “s” tells you the site is secure. If that “s” is not there, the website lacks proper security.

If you input sensitive data into that website, such as your name, e-mail address, contact information, or financial information, you cannot verify the security of that information and it may end up in the hands of cybercriminals.

Another example of carelessness is poor password management.

It’s common for people to use simple passwords and to use the same passwords across multiple websites.

If your employees are doing this, it can put your business at a huge risk. If hackers get ahold of any of those passwords, who knows what they might be able to access.

A strict password policy is a must for every business.

This cybersecurity carelessness can be mapped by assessing your employees' vulnerability score (EVS)

Turn Weakness Into Strength 

The best way to overcome the human weakness in your IT security is through education.

A cybersecurity policy is a good start, but it must be enforced and understood. Employees need to know what behaviors are unacceptable, but they also need to be aware of the threats that exist.

They need resources they can count on as threats arise so they may be dealt with properly.

Working with an MSP or IT services firm may be the answer – they can help you lay the foundation to turn this weakness into a strength.

It's because of all these reasons that we at QWERTY Concepts take a proactive approach when comes to cybersecurity by not only implementing hardware and software for protection but also establish a plan of continuous cybersecurity training for all employees via an interactive platform, and sending them weekly and monthly tests to sharpen their senses against real cyberattacks.

[/fusion_text][/fusion_builder_column][/fusion_builder_row][/fusion_builder_container]

Category
Ready to start working together? Contact us here!Helpful Resources
877-QWERTY-1 / 877-793-7891
371 Hoes Ln, Suite 200-206, 
Piscataway, NJ 08854
Copyright © 2020 QWERTY CONCEPTS, Inc   |   All Rights Reserved   |   Sitemap   |   Managed IT services provider for New Jersey and New York City businesses
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram