Human error causes more than 80% of cybersecurity breaches. The vast majority of these cyberattacks are avoidable with employee cybersecurity training. Below, you can see four of the most frequent bad employee habits that companies face.
4 Customs or bad practices of employees on cybersecurity issues
1. Weak passwords
A weak password is as easily compromised as locking your house and leaving the key under the rug. It is often believed that by having a password, you are already safe from hackers who want to access your devices, but this is not the case. Recently, a large hotel group had its database compromised by protecting it with a weak password (Qwerty1234).
All employees must be aware that it is of little use to have the most sophisticated cybersecurity tools if they are then used simple passwords to access the data. Currently, there are many platforms that do not allow easy passwords, or that use double authentication factor for user login. Broadly speaking, passwords should be long, containing numbers, letters (both uppercase and lowercase), and symbols. And for those who are more careful, they must change it from time to time.
2. Leaving devices unattended
Remote or hybrid work is fine, but it does come with some associated risks. If your employees are working from a public place, and leave their devices unattended for any time, they are leaving the doors of the company open to third parties. Everything and protecting the files with strong passwords, it is common to have the passwords saved on the devices for productivity and comfort issues. It is important to configure the computers with the automatic lock due to inactivity.
If the hacker has the corporate device in his possession, he can access the company and install any type of malware globally.
3. They fall for a phishing attack
The phishing emails They are one of the most powerful weapons that cyber attackers have, since they are one of the cyber attacks that have the highest success rates. For this reason, more than 3.4 billion phishing emails are sent every day.
These emails are sometimes very thinly disguised and easy to see. This large volume of malicious emails, so easy to detect, causes those who are more focused to overlook them and turn many people who do not have specific training in cybersecurity into victims of phishing. And often, the company they work for is affected by this attack.
If your employees are not trained in the field of cybersecurity, you can access our awareness portal, where they can find a multitude of resources for raising awareness in this field
Make sure your employees know how to identify suspicious email. And if they are not clear, they should report it to the IT team directly.
4. There are no set access guidelines
Everything and you have complete trust with your employees, it doesn't make sense to give free access to everyone. Each employee must have access to the necessary documents, and not all, to minimize risks.
Restricting access to only the necessary documents causes any of the vulnerabilities mentioned above and is hacked, you will only have part of the corporate documents in your domain, and you will not have access to all of them. And what could be a catastrophe, can end up being a small problem.
At Tranxfer we take into account that more than 80% security breaches are caused by human error, and that a large part of these can be avoided by raising awareness and training all employees in cybersecurity.