Employees are the lifeblood of your business. Without them you really couldn’t do what you do. They are the folks that produce your widgets, sell your services, answer your phones, manage your team, and just really keep the ball rolling. Yes, your people are the heart and soul of your business; but they also represent your most substantial and sustained cybersecurity liability. After all, it just takes one employee to click on an errant link to bring your organization to its knees.
Employees are cybercriminals’ favorite targets. They are accessible, they are often under-trained in cybersecurity best practices, and many lack awareness of potential threats. At least 25% of employees are unable to identify key markers of a phishing email; not to mention that bad actors are also evolving in how well they can mask themselves (and will continue to get better at it thanks to AI).
So where do the dangers lie and how do you keep your employees – and thus your business – safe from the onslaught of cyberthreats?
Many third-party applications possess inadequate security measures. Employees are also sometimes dismissive of the need to vet third-party apps before downloading them or to keep up with regular updates – negligence that may allow malicious actors access to sensitive data. App stores may also lack basic privacy protections, which may result in data being shared or stolen.
While the relative end to the pandemic sees many workers back in the office, a substantial share of the workforce still works remotely at least part of the time. Working from home (WFH) provides a number of benefits to a business and its employees – like decreased overhead expenses and better work-life balance. But this relative employee autonomy can have a dramatically worrisome effect on an organization’s cyber safety. WFH employees operate outside of the constraints of physically present leadership and can slip in their adherence to best practices and protocols.
Remote employees often work from public spaces, like coffee shops, where they connect to the public Wi-Fi network. This can be particularly risky, as these networks are mostly unsecured and easily accessible. Public Wi-Fi networks are also notably susceptible to malware because access to them is essentially unfettered.
Anemic passwords may be the number one access risk to your business. Create a strong password policy that requires unique passwords for each account and regular updates.
With the exception of your marketing team, there is really no reason for employees to visit social media sites while on their company computer. Popular social media sites are hotbeds for hackers who are skilled at eliciting information from unsuspecting (and perhaps naïve) users, allowing them access to all kinds of personally and potentially work-related information.
Beyond forbidding social media engagement on the clock, be sure to educate your employees about social media best practices and the red flags they should be aware of, even when engaging on their own time.
Employees who have access to sensitive company data like financial records, customer profiles, and proprietary information pose a heightened risk and therefore need to adhere to advanced cybersecurity protocols. Beyond the threat external bad actors pose, internal employees can leverage their high-level access to commit theft, fraud or illegal disclosure of company secrets. Install control measures that limit access to specific data to only those who inherently need it to perform their job functions. Also be sure to subject these employees to higher expectations, standards and oversight related to training and user adoption.
Employees are often oblivious to the risks their online behavior poses to your business. To mitigate the threat, your employees need to participate in thorough and sustained training related to phishing awareness, password protection, third-party application protocols and a slew of other cybersecurity best practices.
Create a Cybersecurity and Data Privacy Strategy to train employees on cyber risks and how to avoid them. Consider regular cybersecurity awareness training and cyber safety a main tenet of your company culture.