The #1 Cybersecurity Weakness May Not Be What You Expect

Nov 8, 2017

There’s a weakness in your network.  Right now.  It’s a weakness no hardware or software can fix…but a well-rounded business continuity plan can.

Business Continuity is Critical. But You Have to Make Sure it’s Complete.

Investing in business continuity solutions, like a two-tier backup system, is undoubtedly important for maintaining operations. However, in today’s environment, smart companies cover all the bases.

They address the #1 cybersecurity weakness their business has.  It’s not an unpatched server, an older computer, or local-only backups. It’s their employees.

Ways Your Employees Can Jeopardize Cybersecurity

Before anything else, let’s be clear. Your employees aren’t intentionally weakening cybersecurity! In almost every instance, people trigger malware attacks and data breaches accidentally.

Unfortunately, they have plenty of ways to trigger such ‘accidents.’  Here are some of the most common employee behaviors resulting in cybersecurity disasters:

  • Clicking on infected emails, activating malware/ransomware.
  • Saving company Intellectual Property (IP) in places nobody else knows about (preventing its backup and opening it up to theft).
  • Bringing personal devices in to work, introducing vulnerabilities and perhaps carrying malware in with them!
  • Storing passwords in unsecure locations (e.g. on a Post-It, in a plain text file), where others can see/steal them.
  • Using personal email and unapproved file-sharing services for company work.
  • Not safeguarding their laptops from theft when traveling.
  • Installing unapproved software on their workstations or company servers.

Reasons for Cyberattack-Enabling Employee Behavior

How do such behaviors happen? We’re all responsible professionals, right?

Yes, we are.  But professionals are still human.  Sometimes even with the best intentions we slip up.  Most work mistakes are easily fixed.  However, when it comes to cybersecurity, slipping up is downright dangerous.

Look through these behaviors. How many times have you caught yourself, or co-workers, acting along these lines?

  1. Distraction/Focus on Other Things

Let’s look at the top three industries hit by ransomware in 2017 (from “A Closer Look at Datto’s Ransomware Report” on October 3rd):

  • Construction/Manufacturing
  • Professional Services
  • Healthcare

We’ve worked with customers in all of these industries.  Busy, hard-working people. Which is itself a contributing factor to their vulnerability.  Not enough time, too many emails, everyone’s in a rush. Someone rushes through their email, clicks the wrong link, and lets malware in.

  2. Perception: “It’s the IT Department’s responsibility!”

Some people just aren’t comfortable with technology. That’s okay…it’s why we hire IT professionals. But even the sharpest IT pro can’t prevent you from making bad decisions online.

  3. Unaware that Cybercriminals Would Target Them (both individually, and by industry)

Too many people think they’re not a target because “we’re too small” or “we don’t sell online.” That premise is no longer part of the equation. If you’re online, you’re a target.

How to Combat this Weakness? Educate Your Employees

The good news? You can stop all of those behaviors…with education!

Cybersecurity Education builds awareness of the risk each employee faces. It helps employees learn good computer habits. It even works hand-in-hand with business continuity solutions (like cloud backups and firewalls).

Education makes Business Continuity complete. Together with backups and security software, it builds an effective defense against cybercriminals.

Cybersecurity Education should cover:

  • The threats out there
  • How they get into your networks
  • Warning signs to watch out for
  • What to do if you suspect an attack

Employee cybersecurity education should take place AT LEAST once a year, with email alerts as needed about new malware strains.

3 Cybersecurity Education Tactics to Protect Employees (and Your Business!)

To help start you off on educating employees, here are 3 tactics they can start using right now. These come from PlanetMagpie’s Employee Cybersecurity Training program in Silicon Valley.

  1. Never click on a link or attachment in an email you weren’t already expecting.
    Email is the #1 delivery method for malware & ransomware. If you teach employees to recognize it here, you strengthen cybersecurity by 75%.
  2. Get approval for any software you install on your workstations. If you don’t have approval, don’t install it.
    You could let malware into your employer’s network. They could also trace it back to you. That’s an uncomfortable discussion right there.
  3. Don’t use public/airplane Wi-Fi for work.
    These are open networks. A cybercriminal could sit 2 seats away, break into your laptop, and install malware on it without you knowing. You get back to the office, the malware spreads throughout the network, and everyone’s day is ruined.

Give Your Employees Cybersecurity Education, Guard Your IT against Cyberattacks

Again, we’re NOT saying employees intentionally jeopardize cybersecurity. Most incidents arise from accidents.

Point is…accident or not, it still happens. No amount of technical protection will fully protect your data if your employees don’t know how to avoid cyberattacks.

Employee education (coupled with reliable business continuity solutions) makes the difference between smooth day-to-day operations and “We’ve been hacked again!”

Robert Douglas is the founder and President of PlanetMagpie, an IT consulting agency in Silicon Valley. Robert has over 30 years of experience in IT security, as well as cloud storage and Microsoft solutions. He has consulted directly with Microsoft, IBM, Novell, and been cited as a professional IT source by the New York Times, CNN Money, Fast Company, and the San Jose Business Times.
