They say you’re only as strong as your weakest link. This couldn’t be any more accurate when it comes to the strength of an organization’s cyber security. Even if there are knowledgeable IT professionals within the organization, and most employees are trained in
In order to avoid your organization from falling victim to a cyber attack it is important you understand why your employees are likely failing to protect your digital assets
Lack of awareness
Ransomware is one of the biggest
Clicking without thinking
This is incredibly broad, but encompasses nearly every aspect of cyber security. Opening unknown emails, or clicking on malicious attachments is how many forms of malware are delivered. Employees must be aware of how to spot spoofed emails to avoid clicking on malicious attachments.
This is incredibly common, primarily on social media. Employees will share the names of their children, pets, parents, and employers on social media platforms. Often times, the information shared is what people opt to use as passwords. Not only are employees putting their personal accounts at risk by sharing this information, but they are likely using the same passwords at work as well — potentially exposing your network to attack. This brings me to my next point…
This is just a bad idea, but is incredibly common. Many users deploy the same password for all of their accounts. This is great for the user, because they only have to remember one password. It is also great for the cyber criminals because they only need to crack one password to gain access to every program and network that employee had access to. It’s important as an employer, you establish password best practices. A few suggestions for these best practices can be found below:
- Require employees to change their passwords every 6-8 weeks
- Mandate the passwords be at least 9 characters, using upper and lower case, numbers and special characters
- Discourage reusing passwords for different programs and/or login credentials
- Write a password policy stating employees are not to write down or save passwords, nor are they to share them with other employees
This is more common than one may think, especially if the program only allows for a certain number of users. This leads employees to share login credentials with one another, creating a major security risk. Why? For many of the reasons we’ve listed above.
The password John just shared with Sheila likely used for other programs he as well. There also may be legitimate reasons why Sheila doesn’t have access to the program or network to begin with. It is imperative, as an employer