
11 Aug Cybersecurity Training for your employees
Don’t let ignorance be an excuse. Train your workforce about the ins and outs of cybersecurity.
Humans occasionally make mistakes, through lack of knowledge, overconfidence or negligence, that can be extremely dangerous to an organisation, usually more so than they realise. Human errors were the cause of around a quarter of data breaches in the past two years. Employees’ cybersecurity mistakes can lead to disruptions in operations, loss of revenue and ultimately a negative effect on the organisation’s bottom line.
Organisations need to strive to prevent employees from making such mistakes, as it is much more practical than remediating consequences. In this article we take a closer look at the ins and outs of cybersecurity awareness training.
Human error – Employee Cybersecurity Mistakes
Despite the implementation and maintenance of sophisticated security systems, employee cybersecurity mistakes can cause an organisation irreparable harm. Using very weak passwords is a common mistake. Companies are increasingly enforcing their password management policy and the vast majority have introduced additional security measures such as two-factor authentication.
Keeping default passwords is as bad as opting for a weak password. Both can lead to hackers easily accessing accounts through brute-force attacks (whereby passwords are ‘guessed’). Reusing past passwords and creating passwords which contain personal information or simple sequences are often a recipe for disaster. In addition, employees need to keep passwords stored safely, ideally using a reliable password manager with a strong encryption function. IT departments need to set rules such as the expiry period of passwords and storage of such passwords.
Common mistakes we’ve seen in organisations we assessed included the use of the same password for multiple accounts, the sharing of passwords via email or messaging services and not changing passwords for a long period.
When employees work with huge amounts of data on a regular basis, a mistake that paves the way for a data leak becomes more likely. Workers need to understand the value of the data. Negligence, tiredness, lack of focus and limited knowledge about cybersecurity threats are all reasons that lead to disaster. Handling of sensitive data should be backed by SOPs about: deletion of files, sharing rights, communicating such files, changes to these files, taking regular backups and sharing with authorised recipients.
Organisations should keep an inventory of all software installed on their networks and workstations. A common occurrence we’ve come across is the use of outdated and unauthorised software. These are an open invitation for hackers to exploit vulnerabilities and holes. Workforces need to be educated on the importance of software updates, enabling of security features, and avoidance of installing cracked software. Habits and excuses for negligence, such as ‘I didn’t know’, ‘I have too much work’, ‘I don’t have time’, pose a serious threat to the safety of systems, applications and data of companies.
Lack of cybersecurity knowledge can cause a crisis in an organisation. Hackers are always ready to steal credentials, get unauthorised access to data and place malware inside a system, with the facilitation of internal stakeholders. This can be done maliciously or unintentionally because of lack of knowledge about the security procedures and possible repercussions.
Employees can fall victim to phishing attacks or malware, which are commonly used by hackers to access company data. Lacking knowledge, employees can follow suspicious email links and attachments, perform unauthorised system changes and carelessly use public connections (e.g. Wi-Fi) without a VPN.
Kaspersky alone detected 129 million phishing email attacks in Q2 2019.
Breaches and blackmail by cyber criminals shake employees’ confidence and as a result the overall sentiment and productivity levels plummet.
How to train your team
Train your staff in identifying threats and hackers’ tactics to stop these criminal efforts. Employees need to firstly understand the threats, secondly the way these are pushed by hackers and thirdly how to avoid or defend against them.
Cybergate’s cybersecurity awareness training covers a number of areas, namely: techniques such as Phishing and its variations Vishing and Smishing, Malware and Ransomware, Password Security and Social Networking Dangers.
Educate your workforce. Be proactive, and create a safer working environment. Speak to us today!