April 2020 - Main Article:
Employees Are Letting Hackers into Your Network By Doing These 5 Things… Here is What You Can Do to Stop It!
If you run a small business, you are a target for cybercriminals. At this point, it is just a fact of life. Hackers, scammers, and cybercriminals of all kinds target small businesses because they are plentiful, and more often than not, they lack good cyber security (if they have any at all). Here’s the kicker: these criminals don’t need to use malicious code or advanced hacking skills to get what they want. In reality, many of them target your biggest vulnerability: your own employees.
It is a sad truth, but every day, employees of small businesses let hackers right in because they don’t know better. They see an e-mail from the boss, open it and click the link inside. By the time they realize they’ve made a mistake, they’re too embarrassed to say anything. From there, the problem gets worse. Actions like this can end in DISASTER for your business.
The problem is that most employees don’t have the training to identify and report IT security issues. They aren’t familiar with today’s threats or they don’t know to not click that e-mail link. There are many things employees are doing – or not doing – that cause serious problems for small-business owners. Here are five things people do that
allow hackers to waltz in through your front door.
-
- They don’t know better.
Many people have never been trained in cyber security best practices. While some of us may know how to protect our network, safely browse the web and access e-mail, many people don’t. Believe it or not, people do click on ads on the Internet or links in their e-mail without verifying the source.
This can be fixed with regular cyber security training. Call in an experienced IT security firm and set up training for everyone in your organization, including yourself. Learn about best practices, current threats and how to safely navigate today’s networked world.
-
- They use bad passwords.
Many people still use bad passwords like “12345” and “qwerty.” Simple passwords are golden tickets for hackers. Once they have a username (which is often just a person’s actual name in a business setting), if they can guess the password, they can let themselves into your network.
Many security experts suggest having a policy that requires employees to use strong passwords. Passwords should be a mix of letters (uppercase and lowercase), numbers and symbols. The more characters, the better. On top of that, passwords need to be changed every three months, and employees should use a different password for every account. Employees may groan, but your network security is on the line.
-
- They don’t practice good security at home.
These days, many businesses rely on “bring your own device” (BYOD) policies. Employees use the same devices at home
and at work, and if they have poor security at home, they could be opening up your business to major outside threats.
How do you fix this? Define a security policy that covers personal devices used in the workplace, including laptops, smartphones and more. Have a list of approved devices and approved anti-malware software. This is where working with an IT security firm can be hugely beneficial. They can help you put together a solid BYOD security policy.
-
- They don’t communicate problems.
If an employee opens a strange file in an e-mail, they might not say anything. They might be embarrassed or worry that they’ll get in trouble. But by not saying anything, they put your business at huge risk. If the file was malware, it could infect your entire network.
Overcoming these threats falls on proper training and education. Phishing e-mails are easy to spot if you take the time to do it. Look at the details. For example, the CEO’s e-mail might be [email protected], but the scam e-mail is from [email protected]. It’s a small but significant difference. Again, it’s all about asking questions and verifying. If someone isn’t sure if an e-mail is legit, they should always ask.