Top cyber security mistakes your employees are making and how to prevent them

January 27, 2022

From a cyber security perspective, your employees are often the first line of defence when it comes to spotting and preventing a cyber attack or scam.

Technology exists to keep your network, systems and data safe. However, if your users aren’t sufficiently knowledgeable and trained, don’t remain vigilant, or follow working practices that put your cyber defences at risk, they can be the weak link in the chain.

From poor password security and opening malicious emails to not backing up data or connecting to unsecured networks, your users could unwittingly be putting your critical information at risk.

In fact, the latest Verizon Data Breach Investigations Report found there was a human element to 85% of all breaches analysed.

So, while awareness of cyber security at work and the role that everyone needs to play is increasing, the figures show that too many employees are making simple mistakes that can put their employer’s data at risk.

Here, we outline some of the most common cyber security mistakes that employees make and what you can do to prevent them.

Email security

Email scams are one of the most common cyber security threats, accounting for more than a third of all cyber incidents globally. 

They take many forms, from realistic-looking emails that contain malware to messages that ask users to click on links to download files or visit malicious websites. Some email scams are designed to encourage users to visit websites that hackers use to phish for confidential information.

Such scams are becoming increasingly sophisticated as technology evolves. For example, scammers are also using fake phone calls, web pages, chat messages and apps alongside the emails they send to convince users they are real and come from a trusted organisation such as a bank, Government agency or service provider.

The key to improving your organisation’s email security lies in a combination of technology, awareness-raising and staff vigilance.

Effective anti-spam and mail filtering are vital for keeping your data safe from fraudsters. Microsoft 365 has effective in-built email security tools to help protect users and so do third-party platforms like Symantec, which can prevent malicious emails from landing in your users’ inboxes.

Training your staff so they are aware of the latest scams and techniques and what they should do if they receive a suspicious email will help them to play a role in keeping your business safe and secure from email scammers. And having a clearly defined email security policy in place, and ensuring all your staff read and understand it, will reinforce this.

Password security

Weak user passwords are another considerable cyber security risk for businesses.

If passwords and login credentials fall into the wrong hands, cyber criminals can use them to access your confidential data, including financial information, or infect your network with malware or viruses.

So, having a clear password management policy, along with implementing additional security measures, such as multi-factor authentication, is essential.

Your password management policy should include clear guidelines on how to create and use strong passwords, as well as the process for handling, storing, and sharing passwords.

Common mistakes around password security include creating weak passwords that are easy to guess, using the same password for multiple accounts, writing passwords in plain text or Google Sheets and storing them in unencrypted files, and sharing passwords insecurely in chat messages or by email.

Again, the solution here lies in a combination of technology and awareness. Ensure all your staff know and adhere to the most current best practices regarding password security. And use technology – such as a password manager – wherever you can to keep things under control at a corporate level.

Outdated software

Keeping your organisation’s software and applications up to date with the latest versions is essential. Outdated software often has known vulnerabilities that are all too easy to exploit by hackers, so ensuring you have the latest security patches and updates installed is a must.

Some of the things to watch out for here include your users ignoring software updates, which can lead to data breaches like the WannaCry ransomware attack, which affected devices using older versions of Windows.

Users disabling security features can also put your cyber security at risk, as can downloading unauthorised software to their device.

Again, platforms like Microsoft 365 have built-in security tools that enable your IT administrators to automatically send updates to user devices and control what security features they have access to. They can also prevent and flag any users who visit unauthorised websites (see below) or try to use unauthorised software or applications.

If you’re unsure of what you need to do here, Quintech can help you create and manage a robust cyber security strategy tailored to your business to mitigate these risks and ensure business continuity. From our central base, we can install, update and proactively monitor all computer systems on your network.

Data security

Many of your users probably handle vast amounts of data every day. However, malicious behaviour, negligence, tiredness, lack of cyber security awareness and simple human error can all lead – inadvertently or otherwise – to data breaches which can cause huge financial and reputational damage to your business.

Some of the most common mistakes employees make when handling data include:

  • Accidentally deleting –or making changes to – sensitive files or documents
  • Deleting files without understanding their importance
  • Sharing unencrypted sensitive data
  • Sending sensitive data to the wrong recipients
  • Not backing up critical data

Having an effective backup solution in place is essential. It will ensure that if your original files get damaged, corrupted or lost due to viruses or malware, cyberattack, hardware failure, software faults or human error, your data can be restored.

Website security

While your users will often need to spend time online to do their jobs effectively, browsing malicious or unauthorised websites presents a host of risks to businesses of all sizes.

There are many websites out there that can cause problems, from ones that track user activity or behaviour to those that phish for personal data – such as passwords and financial information – or install malware onto user devices.

There are also parts of the internet – the deep web and the dark web – which include sites that aren’t indexed on the major search engines like Google or Bing, that your users shouldn’t be accessing. These can range from more innocent sites like business databases, academic journals and company intranets all the way down to dark web sites that promote gambling, adult material and illegal activities.

With the correct cyber security management in place, you can set policies that control which sites your users can and can’t access to keep them safe and prevent them from viewing inappropriate content or downloading malicious software. Again, this is something Quintech can help you set up and manage to keep all your users, systems and data safe from potentially harmful websites.

Get cyber security support from Quintech

Building and implementing the right strategy for remote working and cyber security is easier with the right technology partner, and that’s where Quintech can help.

We’ll work with your business to understand your needs and develop the right solutions to help keep your systems, data and users safe.

Drop us an email today at advice@quintech.co.uk or give us a call on 01684 882700 to find out more.