The state of cyber security does not exactly look that bright for some business owners, especially as there have been several attacks on large corporations just this year. Unfortunately, you cannot keep your company safe on your own, as much of your company’s security lies in the hands of your faithful employees. The bad news is that they may be prone to exposing your company without you even knowing it, all because they are unaware of some common scams that are used in order to fool them into handing over their data or making their accounts much less secure. According to Kroll, you must educate them on how to properly handle sensitive data in order to prevent any issues from cropping up. To help you out, here are just a few of the mistakes your staff may be making:
Handing Over Their Passwords to Anybody Who Asks
If you would not hand over your password to your closest companions, then there is all the more reason for you to not hand over your credentials to complete strangers. Unfortunately, there are many clever hackers out there who have figured out that they can trick people into giving them that sensitive information without any complaints. You may have fallen for this trick at least once, or may even know somebody who fell for it as recently as this year. They come in many different forms, but it is most commonly sent in the form of a phishing scheme. This is a method a hacker uses, wherein they create a fake login page that mimics the look and feel of an official site. Then, they send out an e-mail using a fake address, claiming to be working for that company. They will warn the user that their account might have been accessed by a suspicious individual, and will request the user to go to the page that they have crafted (pretending that it is a legitimate site) and to input their username and password in order to secure their account it.
Once your employees see this type of request, they should immediately report that e-mail as spam and immediately delete it. If they are unsure, they should take some steps to confirm how legitimate the source is, according to The Hatford. But your staff will need to go beyond that in order to truly protect your company. They should alert their superiors about the threat that they have just received so that said upper management will be able to investigate it and then send out a memo to the entire company warning them of the threat. After all, if one person was able to receive it, then it is highly likely that the same phishing scheme was sent to multiple people at your company. Remember: all it would take to break into your organization’s confidential data is just one person who lets his or her defenses down and hands over the keys to your information.
Not Keeping Their Passwords in a Safe and Secure Place
It does not matter whether you are simply sending files using a cloud computing service, holding an encrypted video meeting with BlueJeans, or even having a simple text-based chat with your co-worker. You must, at all costs, make sure that your password does not get leaked from the most secure place you can think of: your own mind.
The moment that your password leaves your own hands, then you have already opened yourself up to many security vulnerabilities. Even if you think that the people that you trust would not ever willingly share your credentials with anybody else, that does not mean that they may not accidentally leave it around for other people to steal. After all, they are only human, too, so they are as prone as you are to making simple mistakes that can compromise your privacy and security.
That is why you should only ever keep your password in one place: in your mind. Even keeping it on any piece of paper is already a risky move. If you really need something to keep your credentials in, try using a password manager app.
Employee Education Will Always Pay Off in the End (So Get to It!)
Even if you think that it will cost you quite a bit of time and money to train your employees in proper cyber security habits, it will pay off in the end. Remember that a single breach could cost your company billions of dollars worth of damages, and that is an expense you cannot afford to have. Keep these mistakes in mind the next time you give your staff a quick lesson on how to keep their data secure, and you can rest easy knowing that you are probably going to be much less vulnerable to any online attacks.