Human error accounts for more than 80% of cybersecurity breaches. The vast majority of these cyberattacks can be prevented through cybersecurity training for employees. Below, you’ll find four of the most common bad habits among employees that companies face.
4 Employee Habits or Bad Practices in Cybersecurity
1. Weak Passwords
An insecure password is as easy to breach as locking your house and leaving the key under the doormat. People often believe that simply having a password protects them from hackers trying to access their devices, but that’s not the case. Recently, a major hotel group had its database breached because it was protected by an insecure password (Qwerty1234).
All employees must be aware that having the most sophisticated cybersecurity tools is of little use if simple passwords are then used to access data. Currently, many platforms no longer allow easy-to-guess passwords or use two-factor authentication for user logins. Generally speaking, passwords should be long and contain numbers, letters (both uppercase and lowercase), and symbols. And for those who are more cautious, they should change them periodically.
2. Leaving devices unattended
Remote or hybrid work is fine, but it comes with certain risks. If your employees are working from a public place and leave their devices unattended for even a moment, they are leaving the company’s doors wide open to third parties. Even though files are protected with strong passwords, it’s common for passwords to be stored on devices for the sake of productivity and convenience. It’s important to configure devices to automatically lock after a period of inactivity.
If a hacker gets their hands on a corporate device, they can access the company network and install malware across the entire system.
3. Falling Victim to a Phishing Attack
Phishing emails are among the most powerful weapons cyberattackers have, as they boast some of the highest success rates among cyberattacks. For this reason, over 3.4 billion phishing emails are sent every day.
These emails are sometimes very obvious and easy to spot. This large volume of malicious emails that are so easy to detect means that the more targeted ones slip through the cracks, turning many people without specific cybersecurity training into phishing victims. And often, the company they work for is affected by this attack.
If your employees aren’t trained in cybersecurity, you can access our awareness portal, where they’ll find a wealth of resources to help raise awareness in this area.
Make sure your employees know how to identify a suspicious email. And if they’re unsure, they should report it directly to the IT team.
4. There are no established access guidelines
Even if you have complete trust in your employees, it makes no sense to grant unrestricted access to everyone. Each employee should have access only to the necessary documents—not to everything—to minimize risks.
By restricting access to only the necessary documents, if any of the vulnerabilities mentioned above are exploited and the system is hacked, the attacker will only have access to a portion of the corporate documents, not the entire collection. And what could be a catastrophe may end up being a minor issue.
At Tranxfer, we recognize that over 80% of security breaches are caused by human error, and that many of these can be prevented by raising awareness and training all employees in cybersecurity.
