Today, companies are increasingly adopting innovative cybersecurity and privacy safeguards. They make every possible attempt to protect the sensitive information on the company’s network, and as a result billions of dollars are spent every year on upgrading and installing the latest security systems across the US. Yet despite these efforts to head off security threats, the fear of a cyber-attack still haunts even the largest firms that use sophisticated security solutions. What could the reason be?
According to a 2017 Insider Threat Report, 74 percent of companies feel that they are vulnerable to insider threats, with 7 percent reporting extreme vulnerability. This clearly means that human error is one of the leading causes of IT security breaches. Laxity on the part of employees can pose a serious threat to a company’s databases and digital information. Here are some common information security mistakes that employees often make.
- Common Passwords – The most common mistake employees make is using very simple and predictable passwords. Employees often set passwords like ‘password123’ or ‘name.birthdate’ that can be guessed without much effort. With one guessed password, malevolent attackers can gain access to the sensitive information of organizations that use a single sign-on system. This makes meticulous password protection indispensable, as a strong, unusual password can deter attacks to some extent. Also, there should be different passwords for different login credentials.
- Using Insecure Devices & Networks – With the proliferating BYOD (Bring Your Own Device) culture, personal devices are increasingly being connected to the company’s network. Often, employees neglect the company’s security measures and go ahead with downloading files and applications. When insecure applications are introduced into the company’s network, it becomes easier for third parties to exploit the company’s sensitive information. Using unknown networks and Wi-Fi connections is also a serious threat to information. These risks can be mitigated by enforcing minimum security standards on all devices connected to the company’s network.
- Opening Junk E-mails – Email attachments that are sent by people you don’t recognize and that come from an illegitimate domain are more likely to be spam or malware. To prevent any information loss, immediately send the email to your email administrator for verification. Do not forward the email to anyone else in the organization, as that may increase the chance of a malicious attachment being clicked accidentally.
- Unnecessary Users – The more users who have access to sensitive information, the greater the chances of a security breach. User privileges should be given to a few trusted members only.
- Negligence in Handling Sensitive Information – Employees are often unable to remember passwords and login credentials for various programs, and carelessness in handling them can pose a serious threat to the company’s information sources. Having no passcodes, or keeping the same passcodes for years, is risky. Printing sensitive information or writing down passwords on sheets, whiteboards or sticky notes can cause serious security havoc.
- Disabling Security Features – Some employees intentionally disable security features. If these employees have administrative privileges, this can be deleterious to the crucial information on the company’s network. To prevent this, it is important to educate users about security measures and their purpose, as well as the terms and conditions.
- Clicking on Advertisements – It is an ad-mad world, but in the plethora of online advertisements, not all ads are harmless. Clickbait advertisements often lead to a site with malware, making it easier for an attacker to access sensitive information and databases. Educate your employees about how to identify ads that have dubious content.
- Phishing Bait – Phishing is an attempt to obtain sensitive information such as usernames, passwords and credit card details by posing as a trustworthy site. Employees must be vigilant and should open only those links and attachments that come from a trusted sender. One can also check the URL of a webpage before entering any login credentials.
Follow these simple security hacks as part of your cyber security defense mechanism:
- Imparting data security training and awareness to employees.
- Installing data loss prevention software.
- Full encryption of devices.
- Minimizing access rights and privileges.
We, at Centex Technologies, provide IT security solutions to all types of business firms. For more information, call us at (972) 375 – 9654.