Learn how to prevent common errors that invite hackers in.
People make mistakes. However, some cost more than others.
According to the 2019 Verizon Data Breach Investigations Report, more than one out of five business data breaches are caused by employee errors. These errors can lead to significant consequences, including:
- Reduced revenue because organizations have to spend money to remediate and repair the damage caused by data breaches.
- Lower productivity because employees have to spend time cleaning things up.
- Damaged reputations because customers lose confidence in businesses that expose their personal data to hackers.
The most common types of mistakes made by employees that result in data breaches include:
- Using weak or obvious passwords.
- Emailing sensitive information and documents to the wrong people.
- Publishing confidential information — or accidentally making it available — on public websites.
- Setting up systems or installing software in ways that allow hackers to break in.
- Losing devices like smartphones, tablets or computers — or having them stolen.
All these seem like minor issues, but they can be costly. According to the 2019 Cost of a Data Breach Report by the Ponemon Institute, the average cost of a business data breach caused by human error is $3.5 million. Why so much? The price to replace and remedy each record lost due to a cyber security incident is, on average, $133. (Think about how many records your company maintains to estimate how much a data breach could cost you.) On top of all of this, it usually takes organizations more than eight months to clean everything up and return their operations to a new form of normal.
Could your business afford the money and time it takes to recover if a cyber breach happens to you?
If you answered NO, here are the steps you need to take to prevent employees from making mistakes that could cost you BIG time.
1. Ensure everyone uses strong passwords.
If you don’t already have one, set up a password management policy as soon as possible. Establish processes and procedures for properly handling, sharing and storing passwords along with rules on how to create and use strong ones.
Why is this important?
Not using strong passwords leaves businesses vulnerable because:
- Default credentials that aren’t changed can be cracked in brute force cyber attacks or may already be known by hackers.
- Passwords based on personal or company information can be guessed by cyber crooks after minimal online research.
- Simple letter and number combinations are known by hackers and can be quickly cracked using automated programs.
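The three weaknesses listed above can be screened for at the moment a password is set. The following is an added example, not part of the original article: the `screen_password` function, the sample word lists, the context terms and the 60% run threshold are all assumptions chosen for illustration.

```python
import string

# Constructed sample list; a real deployment would use a maintained list of
# vendor defaults and known-breached passwords.
DEFAULT_CREDENTIALS = {"admin", "password", "changeme", "root", "guest", "letmein"}
# Keyboard rows, the alphabet and digits, used to spot simple combinations.
RUNS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", string.ascii_lowercase, string.digits)
# Common character substitutions ("P@ssw0rd" -> "password").
LEET = str.maketrans("@4031!$5", "aaoeiiss")


def _run_coverage(pw):
    """Count characters inside a 3-character run or repeat (e.g. 'abc', '321', 'aaa')."""
    covered = [False] * len(pw)
    for i in range(len(pw) - 2):
        tri = pw[i:i + 3]
        if len(set(tri)) == 1 or any(tri in r or tri in r[::-1] for r in RUNS):
            covered[i:i + 3] = [True] * 3
    return sum(covered)


def screen_password(password, context_terms=()):
    """Return the reasons a candidate password should be rejected (empty list = pass)."""
    if not password:
        return ["empty"]
    lowered = password.lower()
    leeted = lowered.translate(LEET)
    # Drop trailing digits/symbols so "admin1" and "Password!" still match.
    core = lowered.rstrip(string.digits + string.punctuation).translate(LEET)
    reasons = []
    if core in DEFAULT_CREDENTIALS:
        reasons.append("default-or-common")
    if any(len(t) >= 3 and t.lower() in leeted for t in context_terms):
        reasons.append("personal-or-company-info")
    if _run_coverage(lowered) >= 0.6 * len(lowered):
        reasons.append("simple-combination")
    return reasons


if __name__ == "__main__":
    context = ["Acme", "jsmith", "Springfield"]  # constructed company/user terms
    for candidate in ["P@ssw0rd1", "Acme2019!", "qwerty123", "correct-horse-battery-staple"]:
        print(candidate, screen_password(candidate, context))
```

A check like this belongs in the password-change flow itself, so that a weak choice is rejected before it is ever stored.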
Improper storage of passwords can also have consequences. This includes doing things like:
- Storing passwords in text documents or spreadsheets left open on computers, or that are easy to access.
- Writing down passwords on Post-it notes and keeping them in public places.
- Using password storage and management systems that don’t encrypt the passwords they hold.
Perhaps even more harmful to businesses is when employees handle passwords in unsafe ways including:
- Sharing them through unencrypted messaging systems.
- Using the same password for multiple accounts and platforms.
- Not changing them frequently.
Address these issues when you create your company’s password policy and procedures. Document everything in a format that’s easy to understand and use, such as a checklist. Train your employees on how to handle things correctly. Review your policies and procedures regularly to ensure people don’t forget any best practices.
Need support managing your company’s passwords? Find out how GeeksHD can help with this and more.
2. Encourage careful handling of data.
There are many common mistakes employees make when working with data, including:
- Emailing sensitive records or information to the wrong people.
- Accidentally deleting files that contain critical data or important security information.
- Permanently eliminating necessary files without realizing they’re important.
- Making changes to documents that compromise their integrity.
- Sharing sensitive data with coworkers using unsecured messaging systems.
- Using unsecured email systems when sending sensitive data.
- Not backing up critical data, documents and information.
These things aren’t done intentionally. They’re often the result of negligence, lack of knowledge or fatigue.
Carve out time during your team meetings to train on careful data handling best practices. Reward employees who do things right. Always stay on the lookout for workers who may be too tired to do their jobs right. Figure out how to realign their responsibilities so they’re always alert at work, or offer them some time off to recharge their batteries when they need it.
3. Don’t use outdated, unauthorized or incorrectly installed software.
Outdated software is a hacker’s best friend. It has known issues that can easily be taken advantage of. The same is true of unauthorized software employees install on company systems. Another issue: Employees working from home using their own systems and software to do company work. This welcomes cyber criminals in because:
- Software updates aren’t installed. Big companies and small can be easily hacked when software isn’t updated every time there’s a new release that includes security updates.
- Security features get disabled. A small slip-up is all it takes to allow hackers to bring down your operation.
- Employees download their own software. Unapproved software can be malicious, leaving your business information vulnerable to being stolen or destroyed. It can also have viruses that could bring down your systems.
The most common reasons for improper software use by employees are:
- Too much work. Being too busy often leads to putting off installing software updates.
- Bad timing. Software update pop-ups always seem to happen at the worst times — during conference calls, at lunch or near the end of the day. This is why they’re so often ignored.
- No time to learn. Busy employees may not have a chance to learn the features of updated software, so they continue to use outdated versions that they’re familiar with.
- Updates take too long. Employees give up on updates when they take too much time to install.
- Ineffective workplace software. Often, people can’t get their work done in the time allowed using the software available to them. That’s why they install their own, more efficient programs on company computers or use their own software on their personal devices.
Notice that all these reasons relate to time. If you want employees to do the right things, including using the latest sanctioned software, you have to provide them with the time to do it. Educate your workers on best practices related to updating and using company software and make sure you allow them to block time on their calendars to get it done.
4. Educate employees about cyber security best practices.
Why do people NOT do the things they’re supposed to do? It can be as simple as not knowing any better. Most people don’t take time to educate themselves about cyber security. If you want to protect your business, you’ll have to teach your employees everything they need to know. Here are some common mistakes people make because they don’t understand the value of protecting data or how to do it:
- Following email links or clicking on attachments. Cyber thieves become more creative all the time. They keep finding new ways to create and send malicious emails that don’t get filtered as spam and make people do exactly what they want them to do. This includes visiting dangerous fake websites and clicking on attachments that set off malicious scripts.
- Leaving devices in vulnerable places. People, especially when they’re busy, forget things. This includes leaving company computers and smartphones in vulnerable places where they can be stolen. Once a device is taken by a thief, it provides a direct line into the very heart of your company’s security.
- Using public Wi-Fi that’s not secure. People like being able to work anyplace, anytime. This includes using public Wi-Fi at coffee shops, gyms and hotels. Public Wi-Fi is often abused by hackers to start man-in-the-middle attacks, install malware or conduct other malicious activities.
- Taking advantage of USB sticks. Getting free storage or software on a USB stick seems like a great deal. But like most free things, it’s not. Those USB sticks people get from who knows where probably contain malicious code that’s talking to an outside network. That network is learning all your business secrets.
The people who work for you are experts at what they do. They’re not cyber security professionals. Make it a priority to train them on what to look out for and do. It’s the best way to protect your business from unintentional data breaches.
Need a fresh set of eyes to take a look at your current cyber security practices? The experts at GeeksHD are ready to help. They can identify gaps in your current processes and procedures that could leave your business vulnerable to cyber threats. They’ll also recommend ways to fix them, so you sleep better at night. What are you waiting for? Isn’t it time to protect the business you’ve worked so hard to build?