Employees Are Weak Link in Cybersecurity

Tips on how to avoid data breaches caused by employee negligence

by Daniel Markuson

Estimates show that 90 percent of corporate data breaches in the cloud happen due to hacker attacks that target employees, according to a report from Kaspersky Lab. With many of them forced to work remotely during the quarantine, companies are now more vulnerable than ever.

However, this particular risk is easy to control. There are many digital tools that can help protect organizations from data breaches. These tools and security systems don’t require big investments, as cybersecurity starts with the right mindset of employees. That can be achieved through mandatory training.

Both small businesses and large organizations must focus on cybersecurity. All companies dealing with customer data or confidential information are vulnerable to cyberattacks. The difference is, big names usually have more data that hackers may want to steal. Meanwhile, small ones tend to lack security resources, thus making easier targets.

To protect themselves from hacker attacks, businesses need to consider these common mistakes employees might be making every day:

Using weak passwords. Passwords play the most important role in protecting one’s business accounts and customers’ data. But people struggle to create unique passwords and keep forgetting them. That’s why they often use the same ones for different accounts. Weak and reused passwords are easy to hack. The best solution is to help one’s staff build a habit of using password managers. Passwords must be changed from time to time and shouldn’t be shared among co-workers.

Sharing unencrypted files. Companies are at serious risk of data loss when their employees handle important documents without security in mind. The safest way to store and share files is encrypting them. For example, NordLocker, is easy-to-use encryption software that adds an extra layer of security to data on a computer or in the cloud. In case of a breach, hackers would not be able to access company information — they would see only undecipherable code.

Connecting to unsecured networks. A vast majority of organizations use Wi-Fi networks. Although Wi-Fi gives staff greater mobility within the office, it also makes business data more vulnerable to hacks. The best way to keep online traffic private is to use a virtual private network (VPN). A VPN creates a secure encrypted tunnel that protects one’s connection from anyone trying to breach the system. It is also a must for secure remote connections. It allows employees to safely access their work accounts while traveling, working from home or using public Wi-Fi.

Falling for phishing scams. Phishing is one of the main reasons why members of one’s staff need cybersecurity training. Hackers may try to get sensitive information by faking emails from someone like a company’s CEO or Microsoft representatives. And they use very sophisticated methods for that. Just one reckless click on a phishing link or one download of an infected attachment can compromise one’s entire system. It is important to make sure one’s team is well educated on how to avoid clicking unsafe links or falling for phishing scams.

Ignoring software updates. An average computer user tends to ignore the little pop-up windows that inform about new software updates. However, keeping all software up to date is crucial for a company’s cybersecurity. That’s because updates often repair security flaws, fix or remove various bugs, add new features and improve the existing ones. Having the latest software version means using the most secure version, too.

Posting work-related content online. Employees posting online carelessly can leak sensitive business information. Consider Instagram pictures with workspace in the background. Or Facebook status updates on upcoming business trips or closing important deals. Both reveal too much information that can be used to breach an organization’s security. It is also a very common mistake during the current situation when people share images online of what their workspaces at home look like. A picture of a desktop with visible icons or open documents can reveal much more than intended. Businesses need to create social media and data privacy guidelines to prevent employees from sharing confidential information.

Connecting unsafe media storage devices to the company’s computers. An employee might insert a flash drive into their computer without knowing it is infected. These media storage devices might contain viruses and other malicious content, which could transfer to a company’s network and compromise its entire system.

Daniel Markuson is the digital privacy expert at NordVPN Teams, a cybersecurity solution for business from the world’s most advanced VPN service provider NordVPN. NordVPN Teams has a full range of features to ensure convenience and powerful digital protection for small and medium enterprises, freelancers, and remote teams. NordVPN Teams offers advanced 256-bit encryption, ad and malware blocking, unsecured traffic prevention, automatic connection on Wi-Fi networks, and 24/7 customer support with a dedicated manager. NordVPN Teams is available on all major platforms.

Speak Your Mind

In Business Dailies

Sign up for a complimentary year of In Business Dailies with a bonus Digital Subscription of In Business Magazine delivered to your inbox each month!

  • Get the day’s Top Stories
  • Relevant In-depth Articles
  • Daily Offers
  • Coming Events