The beginning of the year may mark new changes, but some things always seem to stay the same. Case in point: the ever-present threat of cyber criminals and malware. In fact, Malwarebytes CEO and Forbes contributor Marcin Kleczynski predicts 2018 will be just as bad for cyber security as 2017 was. And why shouldn’t he think that?
Ransomware remains as effective as ever.
Malware tools are becoming more advanced with the help of artificial intelligence, and cyber criminals continue to grow more sophisticated. It’s imperative that small and medium-sized businesses do everything they can to shore up defenses and safeguard their data. That means identifying any lingering weak points in their cyber security plan and fixing them. Rather than looking only at technological oversights, consider that your employees may represent the most damaging vulnerabilities. This is why security training is essential.
Employees: The cyber security plan X-factor
Even the most diligently crafted data security plan may not be able to fully account for the impact that staff members have on security posture. Employees have a powerful effect on cyber security that can be incredibly positive or negative.
Employees who have received training on cyber security best practices can spot common red flags, and will be an asset to your organization. Conversely, staff members who haven’t been trained may be liabilities, especially if they continue to make risky decisions while on the job.
What kind of behavior is considered risky?
Here are a few of the most routinely observed things employees do that threaten the integrity of their companies’ cyber security plans:
Using poor login credentials:
- Remembering every single password for each user account can be a real pain. That’s why so many people go with easy-to-remember passwords like “123456” or simply “password” when setting up their login credentials. In fact, those two specific phrases were the most commonly used passwords in 2017. Employees who use such obvious passwords are practically begging for data thieves to compromise their work accounts. Another problem you might see is staff members using the same password for multiple accounts. If one is cracked, it could put the others in jeopardy.
Clicking on bad links and emails:
- Odds are that at some point, your employees will receive an email containing malware. The only thing standing between your network and a harmful intrusion is your staff’s ability to identify the threat. The quality of phishing emails can vary wildly, from blatantly fake to incredibly convincing. To protect against these kinds of threats, a good rule of thumb is to not download any attachment or click on any link unless you absolutely trust the source. Even then, it’s good to exercise some healthy skepticism if something about the email seems off, just in case the sender’s email account has been hacked.
“Good security hygiene begins with strong, comprehensive training.”
If you haven’t briefed your employees on cyber security best practices and what threats to look for, be sure to get them up to speed as soon as possible.
Provide yourself a safety net in the event that a threat breaches your defenses. SIEM-as-a-Service data security solutions enable businesses to spot suspicious activity that might otherwise evade security tools. They provide business leaders with peace of mind knowing that if a data breach does occur, it will be quickly addressed, minimizing damage.