From a cybersecurity standpoint, your employees can be your organisation’s strongest line of defence or its weakest link. According to research conducted by the advisory group Willis Towers Watson, approximately 90% of all cyber insurance claims are the result of human error or behaviour. Organisations need to strike a balance between investing in cybersecurity technology, committing to train employees to recognise cyber threats, and adopting a cybersecurity mindset when establishing remote work policies and procedures.
Common Mistakes Employees Make:
- Email habits that put data at risk – opening suspicious emails that contain malware and clicking on links to download files that are malicious, or landing on websites designed by attackers to phish for confidential information.
- Weak passwords – weak, short passwords are commonly exploited by hackers. Passwords that use proper names, words based on the user name or common variations on these themes can be quickly guessed and are one of the easiest ways to break into a system. In addition, without proper cyber awareness training, employees might share their passwords, unwittingly compromising their accounts' security. Using multi-factor authentication is a best practice that adds an extra layer of protection on top of a strong password.
- Falling for social engineering techniques – without prior knowledge or cyber awareness training, staff can be susceptible to common social engineering traps such as spam, malware or social media scams.
- Poor backup practices – not backing up data regularly will increase the downtime and potential losses incurred if a disruption happens or if an organisation is attacked. Processes and procedures, including backup practices, must be outlined as part of an organisation's disaster recovery plan to ensure the IT infrastructure will function properly in the event of a disruption.
- Using unsecured personal devices to access work information – unlike company-owned devices, which are regularly patched, employees' devices may have unpatched vulnerabilities that can make them an easy target for exploitation.
- Connecting to unsecured public Wi-Fi networks – the risk of using open or public Wi-Fi networks is that attackers can exploit security flaws in the network to intercept data, as in the case of man-in-the-middle (MitM) attacks.
The Importance of Cybersecurity Training
Phishing and social hacking are some of the most common techniques that cyber criminals use to trick employees in order to gain access to a company’s confidential data. To build an effective threat prevention strategy, it’s imperative that organisations provide employees with up-to-date data protection and cybersecurity training to ensure they can identify security threats and prevent them in time.