Top 5 Reasons Your Employees Struggle with Cyber Security

They say you’re only as strong as your weakest link. This couldn’t be any more accurate when it comes to the strength of an organization’s cyber security. Even if there are knowledgeable IT professionals within the organization, and most employees are trained in cyber security risks — it only takes one. One person to click on one wrong thing that could lead to the corruption of an entire network.

In order to avoid your organization from falling victim to a cyber attack it is important you understand why your employees are likely failing to protect your digital assets to begin with.

Lack of awareness

Ransomware is one of the biggest cyber security threats; yet, most computer users have no idea what it is or how to identify it. Users also lack the knowledge of “what to do next”. This means, if they do see something on their computer, or click on something they shouldn’t, what do they do next? Often times employees pretend it never happened. This is the worse possible response, as it could allow for the malware to spread throughout the interconnected networks. As an employer, you must not only train your employees on cyber security, but also educate them on what to do if their devices become infected.

Clicking without thinking

This is incredibly broad, but encompasses nearly every aspect of cyber security. Opening unknown emails, or clicking on malicious attachments is how many forms of malware are delivered. Employees must be aware of how to spot spoofed emails to avoid clicking on malicious attachments.

Over-sharing

This is incredibly common, primarily on social media. Employees will share the names of their children, pets, parents, and employers on social media platforms. Often times, the information shared is what people opt to use as passwords. Not only are employees putting their personal accounts at risk by sharing this information, but they are likely using the same passwords at work as well — potentially exposing your network to attack. This brings me to my next point…

Reusing passwords

This is just a bad idea, but is incredibly common. Many users deploy the same password for all of their accounts. This is great for the user, because they only have to remember one password. It is also great for the cyber criminals because they only need to crack one password to gain access to every program and network that employee had access to. It’s important as an employer, you establish password best practices. A few suggestions for these best practices can be found below:

• Require employees to change their passwords every 6-8 weeks
• Mandate the passwords be at least 9 characters, using upper and lower case, numbers and special characters
• Discourage reusing passwords for different programs and/or login credentials
• Write a password policy stating employees are not to write down or save passwords, nor are they to share them with other employees

Sharing credentials

This is more common than one may think, especially if the program only allows for a certain number of users. This leads employees to share login credentials with one another, creating a major security risk. Why? For many of the reasons we’ve listed above.

The password John just shared with Sheila likely used for other programs he as well. There also may be legitimate reasons why Sheila doesn’t have access to the program or network to begin with. It is imperative, as an employer your are educating employees on the risks and potential repercussions of sharing login information.