Do you and your team have some bad habits to break?
Most likely, the answer is YES.
The fact is that you and your employees are instrumental when it comes to protecting your business from cyberthreats. AND you can also become targets for hackers and cybercriminals, and you might not realize that what you’re doing is “leaving the virtual door unlocked.”
Here are four ways your employees (and you!) might be endangering your business and yourselves — and what you can do about it.
Not Practicing Safe and Secure Web Browsing.
One of the most basic rules of the Internet is to not click on anything that looks suspicious. These days, however, it can be harder to tell what’s safe and what isn’t. A good rule of thumb is to avoid websites that do not have “https” at the start of their web address. The “s” tells you the connection is secure, meaning the data you send is encrypted in transit – https stands for Hypertext Transfer Protocol Secure. If all you see is “http” – no “s” – then you should not trust putting your data on that website, as you don’t know where your data might end up.
Another way to practice safe web browsing is to use an ad blocker (or simply don’t click on ads). Hackers can use ad networks to install malware on a user’s computer and network.
Not Using Strong Passwords.
This is one of the worst IT security habits out there. It’s too easy for employees to use simple passwords, to reuse the same password over and over again, or to use one password for everything. Or, worse yet, all of the above.
Cybercriminals love it when people get lazy with their passwords. If you use the same password over and over, and that password is stolen in a data breach (unbeknownst to you), it becomes super easy for cybercriminals to access virtually any app or account tied to that password. No hacking needed!
To avoid this, your employees must use strong passwords, change passwords every 60 to 90 days, and not reuse old passwords (or reuse the same password for multiple applications). It might sound tedious, especially if they rely on multiple passwords, but when it comes to the IT security of your business, it’s worth it.
One more thing: the “tedious” argument really doesn’t hold much water either, thanks to password managers like LastPass and 1Password that make it easy to create strong passwords, manage them, and access them across all apps and accounts.
Not Using Secure Connections.
This is especially relevant for remote workers, but it’s something every employee should be aware of. You can find Wi-Fi virtually everywhere, and it makes connecting to the Internet very easy. A little too easy. When you can connect to an unverified network at the click of a button, it should raise eyebrows.
And unless your employee is using company-issued hardware, you have no idea what their endpoint security situation is. It’s one risk after another, and it’s all unnecessary. The best policy is to prohibit employees from connecting to unsecured networks (like public Wi-Fi) with company property.
Instead, they should stick to secure networks and then connect via VPN. This is on top of the endpoint security that should be installed on every device that connects to your company’s network: malware protection, antivirus, anti-spyware, anti-ransomware, firewalls, you name it! You want to put up as many gates between your business interests and the outside digital world as you can.
Not Being Aware of Current Threats.
How educated is your team about today’s cyber security threats? If you don’t know, or you know the answer isn’t a good one, it’s time for a change. One of the biggest threats to your business is a workforce that doesn’t know what a phishing e-mail looks like or doesn’t know who to call when something goes wrong on the IT side of things.
This Isn’t Everything…
We’ve given you four things to think about – but there is SO MUCH MORE. For example, it’s a bad idea to download attachments in emails unless you can absolutely identify and trust the source. (In one recently read book, the bad guy got people to download a hacker-enabling attachment by sending it in an email that came from a legitimate person’s name at a domain name that was one digit off the corporate domain. Think about email@example.com – see the subtle difference in the domain name there? Our brains will fill in the missing letter if we’re not reading carefully – and boom! An attachment gets downloaded that has spyware embedded in it, just like that.)
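The near-miss sender domain described above is something a mail filter or help desk can check for mechanically. The Python below is an added example, not part of the original article: it labels a sender as a lookalike when its domain is exactly one edit (a changed, missing, extra or swapped character) away from the corporate domain. The domain `examplecorp.com`, the function names and the sample addresses are constructed placeholders.

```python
CORPORATE_DOMAIN = "examplecorp.com"  # assumption: placeholder for your real domain

def edit_distance(a, b):
    """Edits needed to turn a into b: insert, delete, substitute, adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Two neighbouring characters typed in the wrong order count once.
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def sender_domain(address):
    """Lower-cased domain part of an e-mail address, or '' if malformed."""
    local, at, domain = address.strip().rpartition("@")
    return domain.lower().rstrip(".") if at and local else ""

def classify_sender(address, corporate=CORPORATE_DOMAIN, max_distance=1):
    domain = sender_domain(address)
    if not domain:
        return "malformed"
    # The real domain and its subdomains are legitimate senders.
    if domain == corporate or domain.endswith("." + corporate):
        return "internal"
    # Close to the corporate domain but not equal to it: treat as suspicious.
    if edit_distance(domain, corporate) <= max_distance:
        return "lookalike"
    return "external"

SAMPLE_SENDERS = [  # constructed sample addresses, not real mail
    "jane.doe@examplecorp.com",
    "jane.doe@mail.examplecorp.com",
    "jane.doe@examp1ecorp.com",   # letter l replaced by digit 1
    "jane.doe@exmaplecorp.com",   # two letters swapped
    "jane.doe@examplecorp.co",    # last letter dropped
    "newsletter@vendor.example",
    "not-an-address",
]

def review(senders):
    return {s: classify_sender(s) for s in senders}

if __name__ == "__main__":
    for sender, verdict in review(SAMPLE_SENDERS).items():
        print(f"{verdict:10} {sender}")
```

Messages labelled `lookalike` are the ones to quarantine or flag for a second look before anyone opens an attachment.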
The bottom line is that you and your people need to be aware and alert to the potential for cyber threats. And it doesn’t matter what size of company you are, either. You could be the perfect gateway for an even bigger cyber attack. And trust us – that’s not a position you want to be in.