The beginning of the year may mark new changes, but some things always seem to stay the same. Case in point: the ever-present threat of cyber criminals and malware. In fact, Malwarebytes CEO and Forbes contributor Marcin Kleczynski predicts 2018 will be just as bad for cyber security as 2017 was. And why shouldn’t he think that? Ransomware remains as effective as ever, malware tools are becoming more advanced with the help of artificial intelligence and cyber criminals continue to grow more sophisticated.
Under these circumstances, it’s imperative that small and medium-sized businesses do everything they can to shore up defenses and safeguard their networks and databases. That means identifying any lingering weak points in their cyber security plan and fixing them. The most damaging vulnerabilities may not be technological oversights, however, but rather your employees.
Employees: The cyber security plan X-factor
Even the most diligently crafted data security plan may not be able to fully account for the impact that staff members will have on overall security posture. Employees have a powerful effect on cyber security that can be incredibly positive or negative, depending on the circumstances.
Those employees who have received plenty of training on cyber security best practices and can spot some of the more common red flags will be an asset to your organization. Conversely, staff members who haven’t been trained on the ins and outs of data security and continue to make risky decisions while on the job, will be major liabilities.
What kind of behavior is considered risky? Here are a few of the most routinely observed things employees do that threaten the well-being and integrity of their companies’ cyber security plans:
- Using poor login credentials: Remembering every single password for each user account can be a real pain. That’s why so many people go with easy-to-remember passwords like “123456” or simply “password” when setting up their login credentials. In fact, those two specific phrases were the most commonly used passwords in 2017, which came as no surprise to cyber security observers.Employees who use such obvious passwords are practically begging for data thieves to compromise their work accounts. Another problem you might see is staff members using the same password for multiple accounts. If one is cracked, it could put the others in jeopardy.
- Clicking on bad links and emails: Odds are that at some point, your employees will receive an email containing malware. The only thing standing between your network and a harmful intrusion is your staff’s ability to identify the threat for what it truly is.The quality of phishing emails can vary wildly, from blatantly fake to incredibly convincing. To protect against these kinds of threats, a good rule of thumb is to not download any attachment or click on any link unless you absolutely trust the source. Even then, it’s good to exercise some healthy skepticism if something about the emails seems off just in case the sender’s email account has been hacked.
“Good security hygiene begins with strong, comprehensive training.”
Good security hygiene begins with strong, comprehensive training. If you haven’t briefed your employees on cyber security best practices and what threats to look for, be sure to get them up to speed as soon as possible.
You should also provide yourself a safety net in the event that a threat breaches your defenses. SIEM-as-a-Service data security solutions enable businesses to spot suspicious activity that might otherwise evade security tools. They provide business leaders with peace of mind knowing that if a data breach does occur, it will be quickly addressed and the damage will be minimized.