
Bad Employee Habits That Could Get You Hacked

Written by Thomas Coon

While you’re updating your cyber security defences, keep in mind that hackers are constantly trying to think of new ways to outsmart them. While you invest a lot of money and time into the latest security software, cyber terrorists have another, easier vulnerability in their sights: your employees.

When it comes to cyber security, your employees are your biggest liability. Thanks to bad privacy habits and the general laziness of their workers, a lot of companies have suffered otherwise-preventable breaches.

Being aware of the different mistakes your employees can make is the first step to preventing them. That’s why we’ve made a short list of the commonest ones:

Not Protecting Email

The majority of office workers can’t be bothered to activate two-step verification for their email accounts. As a result, if hackers get hold of an employee’s log-in credentials, they will have complete access to his or her mailbox. This way, a hacker can look up correspondence with clients and easily retrieve sensitive information including physical addresses, names, phone numbers and even payment information.

Having two-step authentication adds another layer of security. It means that just the log-in credentials aren’t enough to gain access to an account.

Having Simple Passwords

A lot of the time, employees use passwords that are very easy to guess. In fact, ‘123456’ and ‘123456789’ are the most popular choices. Furthermore, stats show that the majority of people use one of the 25 commonest passwords, which makes a hacker’s job quite easy.

A lot of the time, companies allow employees to create their own passwords when accessing web applications. In that case, it’s of the utmost importance that management emphasizes the need for strong passwords that contain a mixture of letters, numbers and symbols.
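An added example, not part of the original article: a check a web application could run when an employee chooses a password. It rejects common passwords even when they are padded to satisfy the letters, numbers and symbols rule. The function name, the 12-character minimum and the denylist entries other than ‘123456’ and ‘123456789’ are assumptions.

```python
import string

# Constructed sample denylist: the two passwords named in the article plus a
# few illustrative entries. A real deployment would load a full list of
# common passwords from a file.
COMMON_PASSWORDS = {"123456", "123456789", "password", "qwerty", "letmein"}

MIN_LENGTH = 12  # assumption: the article does not give a minimum length


def password_problems(password):
    """Return the reasons a password is rejected (an empty list means accepted)."""
    problems = []
    lowered = password.lower()

    # A common password padded with digits or symbols ("Password123!") passes a
    # naive character-mix rule, so strip that padding before the denylist lookup.
    stripped = lowered.rstrip(string.digits + string.punctuation)
    if lowered in COMMON_PASSWORDS or stripped in COMMON_PASSWORDS:
        problems.append("is a commonly used password")

    if len(password) < MIN_LENGTH:
        problems.append(f"is shorter than {MIN_LENGTH} characters")

    # The mixture the article asks for: letters, numbers and symbols.
    if not any(c.isalpha() for c in password):
        problems.append("contains no letters")
    if not any(c.isdigit() for c in password):
        problems.append("contains no numbers")
    if not any(c in string.punctuation for c in password):
        problems.append("contains no symbols")

    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ("123456", "Password123!", "river-Otter7-lamp"):
        reasons = password_problems(candidate)
        print(candidate, "->", "accepted" if not reasons else "; ".join(reasons))
```
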

If your company depends on a lot of cloud applications, it might be worthwhile to conduct web application penetration testing. This will let you determine how easy it is to hack into things like shared databases.

Not Having a Healthy Amount of Scepticism

Having employees who are gullible can make your company quite vulnerable to phishing schemes and social engineering. These methods involve hackers posing as trusted sources and trying to elicit confidential information from employees or getting them to download viruses.

For example, a phishing email could appear to come from an IT person within the company, asking to confirm log-in credentials. Or the email could contain a link for a password reset which instead causes the employee’s computer to download and install a malicious program.

The best way to reduce the amount of naivety is by holding routine cyber security education sessions. During these sessions, employees should be made aware of the different phishing methods that hackers could employ. In addition, employees should be instructed on what kind of privacy practices can help reduce the risk of a data breach.

Both role-playing and ethical hacking sessions can truly give you a picture of how well-prepared your workers are. The latter is quite easy to arrange. When it comes to penetration testing, Sydney offers many reliable agencies that’ll scan all of your defence systems and protocols and help you come up with effective strategies to minimize human error.

Employees with bad habits are the biggest liability when it comes to cyber security. The most advanced cyber security software in the world isn’t going to protect your sensitive data if your employees aren’t careful when handling it.
