Security isn’t always top of mind, especially when it comes to your employees. Make sure you and your employees aren’t doing any of these six things.
We’ve all had that “kick yourself” moment after something you had a second thought about tragically comes to fruition. We know it could have been prevented, and it was just plain stupid not to have taken the simple steps needed to prevent the mistake.
We take a lot for granted as humans, especially when it comes to securing our data. In fact, did you know that in your office right now it’s likely that 40% of your employees have their passwords stored on their devices in a Word document? Almost half! Not so secure, right?
Despite all the cyber security threats you hear about in the news, the simple fact is that the people within your business are far more of a threat than any software application that you are using. If you’ve ever had second thoughts about your company’s cybersecurity, take a few minutes to check yourself and make sure that you are NOT doing any of the following:
You Keep the House Keys Under the Front Door Mat
What do I mean by this? Well, take a walk around your office and take note — do you see a lot of sticky notes on monitors? Little reminders pinned up on boards?
With so many devices and applications, remembering all of your different passwords can be a challenge. That’s why many professionals keep them within hand’s reach (just like that house key under your mat).
But like your unassuming key, keeping passwords out in the open can lead to a serious data breach. Make sure your teams are keeping their desks neat and tidy and that, if they must write down their passwords, the notes are kept under lock and key whenever they are not physically there.
Your IT Folks Regularly Use Default Passwords Because It’s Easy
Password insecurity is more common than you think, especially because, to keep passwords secure, you aren’t supposed to save them on a device or even write them down. That’s why many IT professionals resort to keeping default passwords for common devices around the office (it’s just less of a hassle than a password reset).
Keep in mind that the top 10 most-used password list has barely changed in the last five years and cybercriminals are counting on that. Make sure that every device with any kind of Internet connection is not set with its out-of-box default password.
You Do Not Mandate How Passwords Are Structured
Passwords are like paint colors — hard to choose and sometimes you need a little guidance. That’s why it’s critical to ensure that your employees are not only changing their passwords regularly, but also creating them with a recommended structure like a combination of pass phrases, numbers, and upper and lower-case letters too.
Requiring that passwords are created with specific structures in mind can help strengthen what might otherwise be very obvious password selections such as names of pets or important dates in their personal lives. An eight-character password using only upper- or lower-case characters has 200 billion potential combinations, but an eight-character password using a combination of upper and lower-case letters has 53 trillion potential combinations.
You Don’t Provide Frequent Training (or Follow-up Training For That Matter)
When was the last time you provided security training for your employees? Have you ever?
Or are you like most business owners, who think that the bases are covered by your anti-virus software and that your employees clearly know more about technology than you do?
The rules are changing all the time, so regularly training your users and keeping them up to date on breaking threats is not only important, but your responsibility. We all scoff when the flight attendant reminds us that our seats are flotation devices, but it’s not a bad reminder, especially if things get a little wet.
You Rule With An Iron Fist (Lots of Rules With Little or No Explanation)
Strict security policies should also come with a little back story on why they must be followed.
Let’s face it—no one likes being told what to do; give your users a little credit. Sometimes understanding the “why” behind an in-house IT rule will help it be more accepted.
A university study, Technology Use: Conceptual and Operational Definitions, showed that explaining the “why” when training about phishing attacks led to fewer clicks on phishing emails.
You Don’t Actually Enforce the Rules You Have Created
A report from SolarWinds, Cybersecurity: Can Overconfidence Lead to an Extinction Event?, states that only 32% of companies enforce and regularly check their security policy. That means that 68% of businesses do not. While some might argue that rules are made to be broken, that is definitely not the case when it comes to your company’s critical information. As they say, “speak softly” (explain the why) “but carry a big stick.”
Don’t leave security to chance.
Want even more tips? We've put together a free eBook with everything you need to know to keep your data safe, The Business Guide To Ransomware. With information on how malware is spread, the different kinds of ransomware, and what you can do to avoid or recover from an attack, you'll be armed and ready to keep your information safe and secure.