Top 5 Reasons Your Employees Struggle with Cyber Security

They say you’re only as strong as your weakest link. This couldn’t be any more accurate when it comes to the strength of an organization’s cyber security. Even if there are knowledgeable IT professionals within the organization, and most employees are trained in cyber security risks — it only takes one. One person to click on one wrong thing that could lead to the corruption of an entire network.

To keep your organization from falling victim to a cyber attack, it is important to understand why your employees are likely failing to protect your digital assets to begin with.

Lack of awareness

Ransomware is one of the biggest cyber security threats; yet, most computer users have no idea what it is or how to identify it. Users also lack the knowledge of “what to do next”. This means, if they do see something on their computer, or click on something they shouldn’t, what do they do next? Oftentimes employees pretend it never happened. This is the worst possible response, as it could allow the malware to spread throughout the interconnected networks. As an employer, you must not only train your employees on cyber security, but also educate them on what to do if their devices become infected.

Clicking without thinking

This is incredibly broad, but encompasses nearly every aspect of cyber security. Opening unknown emails or clicking on malicious attachments is how many forms of malware are delivered. Employees must be aware of how to spot spoofed emails to avoid clicking on malicious attachments.

Over-sharing

This is incredibly common, primarily on social media. Employees will share the names of their children, pets, parents, and employers on social media platforms. Oftentimes, the information shared is what people opt to use as passwords. Not only are employees putting their personal accounts at risk by sharing this information, but they are likely using the same passwords at work as well — potentially exposing your network to attack. This brings me to my next point…

Reusing passwords

This is just a bad idea, but is incredibly common. Many users deploy the same password for all of their accounts. This is great for the user, because they only have to remember one password. It is also great for the cyber criminals, because they only need to crack one password to gain access to every program and network that employee has access to. It’s important that, as an employer, you establish password best practices. A few suggestions for these best practices can be found below:

  • Require employees to change their passwords every 6-8 weeks
  • Mandate the passwords be at least 9 characters, using upper and lower case, numbers and special characters
  • Discourage reusing passwords for different programs and/or login credentials
  • Write a password policy stating employees are not to write down or save passwords, nor are they to share them with other employees

Sharing credentials

This is more common than one may think, especially if the program only allows for a certain number of users. This leads employees to share login credentials with one another, creating a major security risk. Why? For many of the reasons we’ve listed above.

The password John just shared with Sheila is likely one he uses for other programs as well. There also may be legitimate reasons why Sheila doesn’t have access to the program or network to begin with. It is imperative that, as an employer, you are educating employees on the risks and potential repercussions of sharing login information.


5 thoughts on “Top 5 Reasons Your Employees Struggle with Cyber Security”

  1. Kayla’s password advice is about 20 years old and out of date. When a system requires a password you shouldn’t require password changes every eight weeks and a combination of character types. That approach encourages people to write down their passwords and keep them close to their desks, regardless of the company policy.

    The best passwords are long and easily remembered. My policy requires a 14+ character passphrase, used as a single sign-on password wherever possible. No special characters. No password changes. People remember one passphrase once. That’s it.

  2. A reason why employees click without thinking. Most employees are used to getting emails from people they do not know while at work. At home they double check any emails from people they do not know, but at work that could be the majority of emails they receive. They are used to getting attachments in emails from people they do not know also. Education helps but will not stop that person that has a dumb moment, or your employee that just does not get computer security.

  3. Complicated passwords are needed, but fail to be useful as the only good passwords are the ones you can’t remember.
    The whole idea of passwords is passé.
    Perhaps banking tokens or some other two factor auth is needed.

    • That’s some good insight Chris, password managers can help a bit since they allow you to only remember one complex password in order to access the rest. However, they obviously can come with a risk if your master password isn’t complex enough.

    • “The whole idea of passwords is passé.”

      BINGO! Right on Chris!

      Operating systems can update “automatically” without your consent but “passwords” are NEVER gathered in the Operating System monitoring. Yea, right. Just ANOTHER “boogie man” Big Brother uses to scare you into compliance. Perhaps the “hackers” are the EXACT SAME people proposing the “solutions” – either way they benefit. Vikings CALL IT the Problem-Crisis-Solution cycle. By the way, ever heard of the Axiom: The Best Defense Is A Good Offense? Why hasn’t some coding genius figured out BY NOW how to REVERSE the process to put the “hackers” out of business PERMANENTLY? Simply because TOO MUCH MONEY is involved. Kinda like the revenue lost when Polio was cured. Get the picture? ALWAYS follow the money and ask yourself – Who Benefits? Many mysteries are solved using such methods.
