Security Mistakes

The Top 3 Security Mistakes Employees Make

Network security is a chief concern of many organizations throughout the world. 75.6% of organizations encountered at least one successful cyberattack within the past 12 months. And though the rate of cyberattacks is not going to decrease anytime soon, it’s important to recognize why it’s so high.

The ideal network security efforts for organizations typically involve advanced devices and programs such as next-gen firewalls, antivirus software, and encryption programs. Despite these effective tools, the first line of defense should always start with the employees of the company.

Without proper security training, employees are prone to making mistakes that they could otherwise easily avoid. Here’s the top three security mistakes employees are making.

1. Reusing Passwords

The perfect password should be a combination of lowercase and uppercase letters. It must contain both letters and numbers, and special characters if allowed. Picking the perfect password isn’t difficult, but picking the perfect password multiple times can get extremely tedious.

Unfortunately, it’s nearly unavoidable. Multiple accounts require multiple passwords. To try and bypass this, employees will often reuse the same password across multiple (and usually all) accounts. It may be easier to remember the password, but it also poses a large risk. If a hacker came to know your password for one account, they would gain entry into every other account.

2. Using Unsecured Networks

It’s increasingly common for employees to use mobile devices for work purposes. That’s great for productivity and flexibility – but it also poses new risks. For example, users may sit down at a coffee shop to grab a drink and check their emails. Without thinking about it, they connect to the Wi-Fi network.

The importance of proper encryption cannot be understated. If the coffee shop uses an unencrypted and unsecured Wi-Fi network, a malicious actor can easily connect to the same network and access the machines connected to the same network. In other words, you’re handing someone information without meaning to. Sending an email or sharing a file with sensitive data in it can pose a huge security risk in an unsecured network.

3. Neglecting Physical Security

IT infrastructures are constantly bombarded with cyberattacks from everywhere on the internet. However, the attacks aren’t always based on the internet. They come from within the workplace itself and stem from a lack of physical security. When a user gets up and walks away from their computer without locking it, they invite trouble.

In the 2016 Cyber Security Intelligence Index, IBM found that 60% of all attacks were carried out by insiders. Of these attacks, three-quarters involved malicious intent, and one-quarter involved inadvertent actors. Malicious actors can simply access an unlocked device and grab whatever data they need. From there, they can do whatever they want with it… leaving your innocent employee liable for a potentially devastating data breach.

What to Do About Security Mistakes

Your employees aren’t actively trying to let cyberattacks into your network. But without proper security training, they still pose a risk that software or hardware can’t account for.

Keeping your employees informed is a powerful way to drastically reduce the chances of your organization suffering a cyberattack. If you’d like to learn more about how we can help you with security awareness training, contact us today.