In today’s world, an average data breach can easily cost $3.62 million. IBM Security and Ponemon Institute put each stolen record at $141. And in a typical leak, 24,000 records are compromised. While attacks happen because there is a weakness in the system, these sometimes gain entry through an employee error.
While cybercriminals are now more organized and use sophisticated methods, most of the errors that enable their attacks are seemingly innocent. As these acts on your workers’ end may have been normalized, you may have overlooked some of them in your company. Assessing the situation will help clear your vision.
For starters, here are 6 examples of employee mistakes that can prove damaging to your data security and costly to your organization:
Keeping weak passwords
Last year, BuzzFeed reported that an average internet user has 27 discrete logins. That’s a lot for the memory to handle. The survey did not specify, but assuming the figure represents the total per person throughout the years, one scenario comes to mind. Could it be that the respondents kept forgetting and resetting their passwords?
If this kind of situation happens to your employees, it can compromise your company data. In their tendency to forget, they may resort to applying an easier combination to work-related accounts. It would be wise to set up single sign-on (SSO) for everyone in the organization.
Not erring on the side of caution
There is no such thing as being too careful when it comes to your business security. These days, one click on a non-suspicious link in an email can spell disaster for the entire system. Proper training of employees is still the most effective way to make them understand the threats that exist and the consequences of any attack. They are your foot soldiers in the fight against cybercriminals, and there is no alternative to investing in their know-how.
Bypassing the IT
Today’s workers are often tied to their devices that they may feel a certain affinity toward them. Some may blur the lines when using their company-provided machine. In this case, they are likely to fill it with their favorite music or watch movies on it during their free time. While you want to give them the freedom and flexibility to do their job, you must also know how to draw the line. Let the IT team establish controls. Arrange it in a way that employees will need to ask the IT before performing certain activities on their respective device.
Using unsecured WiFi
Open networks poses risks to your company data and privacy. If your employees use their dedicated office device or access work portals while tethered to a public WiFi, they are leaving your system vulnerable to the bad guys. Anyone who is also on the channel can intercept unencrypted data and snoop on their online activities.
But what if workers cannot avoid connecting to a public hotspot? Say, they must attend to an urgent task at the airport, in the cafe, or on the train. Installing a virtual private network (VPN) will help them limit the risks. If you are shouldering the cost, know which VPN service have reasonable pricing plan per individual.
Uploading on personal drives
Individual employees may be saving and monitoring multiple files when working on a task. When these start to pile up, their machine will tell them to back up. Without a shared drive, they are limited to storing the data on their personal drives or cloud accounts. This practice provides hackers with a potential gateway to your system. If possible, get a cloud storage subscription for your employees. Or look for a one-stop place for all your projects, such as Trello, Asana, or Basecamp.
Downloading personal files on company device
Lastly, as digital tools and processes multiply, users tend to become too familiar with them. Sometimes, they will not hesitate to download a file even if they are not sure about its source. These individuals may be unaware of the threats, or negligent in the performance of their duties, or struck with security alert fatigue. There may be other reasons they are ignoring red flags or explicit warnings. Again, the solution here is proper training and establishing controls across the organization.