With security awareness training only just creeping up on businesses, end users are still way behind when it comes to modern cyber threats. They're still making the same old mistakes - but what are they? Here's a list of our top 5 mistakes that your employees are still guilty of on a daily basis.
The repercussions of bad cyber security practice seem to be staring us all in the face a lot more in recent times, especially with the publicity of recent breaches. But it isn't just powerhouse organisations such as Google, PayPal and the NHS that are feeling the burden -- companies of all sizes are still holding the door wide open to potential attacks.
It's more important than ever to ensure that all end users are made aware of what their actions (or lack of action) could mean for the business. From the CEO to entry-level employees, simple cyber security mishaps are taking place at all levels.
So, we've picked 5 of the most basic and most common mistakes your users are making day-in, day-out...
#1 They trust emails too much
No matter how old or how simple a social engineering trick might be, there are always some people who will fall victim to the scam. There can be a number of reasons for this -- from an employee powering through a mountain of emails, to someone never having received awareness training around such security risks. Combine this with the fact that scams (such as phishing) are becoming much more sophisticated and cunning, and the failure of employees to question the emails they receive becomes a significant problem for a business.
The reality is that more employees should be encouraged to question the emails they're getting. Of course, putting every email that pops into our inbox under a microscope isn't the answer. But there are telltale signs that can be spotted in fraudulent emails and messages, and if the end user is able to spot them, your human firewall gains some real added strength.
#2 "It would never happen to me anyway!"
When it comes to cyber security, one of the most common misconceptions among users is that technology keeps us fully out of harm's way. Of course, IT security is vital for businesses, but it will never offer complete protection on its own. There's also the mindset of "a hacker wouldn't target us" -- which is a scary thing to hear from IT leaders, and it couldn't be further from the truth.
With spear-phishing taking aim at the C-suite, and mass-automated phishing attacks targeting any user unwittingly ready to take the bait, the simple fact is that everyone is a target. This complacency is all the more worrying because most employees actually have far more company-sensitive information stored away than they realise.
It's important to raise awareness of the fact that we all hold valuable company data, and that cyber criminals don't discriminate by job role or function. Add the possibility of opening a gateway for ransomware, and the company's operations, reputation and finances really are at risk from any employee's actions.
#3 "ANOTHER software update?!"
Perhaps it's down to cyber security fatigue, but many of us seem to shun notifications of software updates with a heavy sigh. After all, whether we're on our laptop, desktop or mobile, our needy apps and devices always seem to require our attention. But there is a widespread failure to understand just how big the risks of not updating our devices are, especially at work.
Failing to update our software leaves the door wide open to attackers looking to take advantage of known flaws in out-of-date software. Look at the recent WannaCry ransomware attack on the NHS, and you have a perfect example of the kind of risk that comes with not properly configuring automatic operating system updates for all PCs.
#4 Their passwords are weak
The days of people writing passwords on post-it notes are hopefully more a thing of the past than of the present. But with the average person now needing 22 separate passwords across their professional and personal lives -- our heads are scrambled. That's one reason why so many users reuse the same old password on multiple sites and devices. Not only are they reused, but they tend to be generic, easy-to-guess passwords (123456 and qwerty spring to mind!).
For online criminals with access to huge computing power via the dark web, brute-forcing passwords is increasingly fast and easy. According to Forrester, 80% of all attacks involve a weak or stolen password. The good news is that more web providers are forcing users to create more complex passwords. But for the ones that aren't, the use of a password manager can be a good way of avoiding reused or easy-to-guess credentials.