Top 3 Human Errors That Lead to Cyber Attacks


Cybercriminals are targeting businesses now more than ever, especially since businesses have so much to lose regarding data and financial information. Unlike individuals, companies have more resources to steal. They also experience more liability since there are often multiple users on business networks. Users can make mistakes because of social engineering designed to mimic real messages, pop-ups, phone calls, and more.  

Human beings often make silly (and preventable) mistakes, whether it be absent-minded clicking, falling for scammer tricks, or mishandling data. Here are the top ways staff errors can lead to costly cyber attacks against your business.

1. Using Weak Passwords

One of the most basic tenets of proactive cybersecurity is to ensure all users have strong passwords. These should be unique passwords they don’t use elsewhere, as leaked login info from other websites can be plugged into your system via credential stuffing. There is a market on the dark web to buy and sell leaked personal information, and you never know which of your passwords have been compromised. Passwords should:

  • Be between 8 and 12 characters long.
  • Feature special characters.
  • Include numbers that would be difficult to guess (i.e., not “1234”).
  • Exclude things like names that can be found easily on the internet.
  • Be reset often for added security.

How To Mitigate the Risk of Weak Passwords

A great way to reduce the risk of weak passwords being compromised is to talk to your IT manager about requiring routine password resets for all staff. This is a great opportunity to educate staff about good password practices and add requirements on company portals or servers for strong passwords. This is especially important for administrators and those with access to sensitive data and financial information, as weak passwords are easy for hackers to take advantage of.
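One way a portal could enforce the rules listed above when a password is set, as an added example (not code from Usherwood or any product named here). The leaked list, the names and the helper functions are constructed for illustration, and the 8-character bound is treated as a minimum, so longer passwords are accepted.

```python
import hashlib
import re

# Constructed sample data (not from the article): SHA-1 digests of passwords
# assumed to appear in a leaked-credential list. SHA-1 is only a lookup key
# here, not a way to store user passwords.
LEAKED_SHA1 = {hashlib.sha1(p.encode()).hexdigest()
               for p in ("Summer2023!", "P@ssw0rd1", "Welcome#1")}
MIN_LENGTH = 8  # lower bound from the list above; longer is accepted (assumption)


def has_easy_digit_run(password, run=4):
    """True if any `run` consecutive digits ascend, descend, or repeat."""
    for m in re.finditer(r"\d{%d,}" % run, password):
        digits = [int(c) for c in m.group()]
        for i in range(len(digits) - run + 1):
            window = digits[i:i + run]
            steps = {b - a for a, b in zip(window, window[1:])}
            if steps in ({1}, {-1}, {0}):
                return True
    return False


def check_password(password, personal_names):
    """Return a list of rule violations; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no special character")
    if not re.search(r"\d", password):
        problems.append("no number")
    elif has_easy_digit_run(password):
        problems.append("guessable number sequence")
    # Names tied to the user (supplied by the caller) must not appear.
    lowered = password.lower()
    if any(n.lower() in lowered for n in personal_names if len(n) >= 3):
        problems.append("contains a name")
    # Reused passwords from other breaches are what credential stuffing replays.
    if hashlib.sha1(password.encode()).hexdigest() in LEAKED_SHA1:
        problems.append("found in leaked list")
    return problems
```

A password that meets every character rule can still be rejected by the leaked-list lookup, which is the check that addresses credential stuffing directly.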

Another way to mitigate the risk of weak passwords is to require multifactor authentication (MFA). This requires users to prove their identity by using a secondary device, email or security application that sends a verification code for added security. Applications like Duo can help with this added layer of security; users simply add a personal cell phone number to receive a texted code.

2. Falling for Phishing Scams

Phishing emails are an easy way for hackers to gain access to their victims' personal information. These are spoofed emails that are designed to impersonate someone you know to manipulate your trust and get you to do what hackers want. This can look like a boss reaching out to ask for favors or personal information, or even a family member such as a spouse or child.

There are several other variations of spoofed communications similar to phishing. These include:

  • Smishing - fake messages or texts.
  • Vishing - phone calls using AI voice impersonation or scammers calling you directly.
  • Pharming - spoofed websites designed to look like real ones that contain malware.
  • Quishing - QR codes that lure you to sites where hackers can steal your data and infect your device with malware.

To read more about these methods of cyber attacks, check out our blog Ask The Expert: Vishing, Phishing, Smishing – What You Need to Know.

How To Train Staff on Phishing

It’s important to involve staff in your cybersecurity readiness. The good news is, there are many resources to create staff training on email security. Provide short, consumable training required at least once yearly to teach staff how to spot and report phishing emails. These should be easy to understand, concise, and informative for staff so they know exactly what to do – and what not to do – if they receive a suspicious email, message, or phone call.

3. Mishandling Sensitive Data

The HIPAA Journal listed “improper data disposal” as one of the main causes of healthcare data breaches. Although a common issue in the healthcare industry, this can cause cybersecurity risks for any business. When staff don’t handle sensitive digital information correctly, it can be leaked to the public. This can make you vulnerable to cybercrime without your knowledge, making it important to go over proper protocol for managing sensitive data with your employees.

Mismanaged Printing of Sensitive Documents

A big liability for businesses in legal and healthcare is irresponsible printing practices. When documents containing sensitive information are faxed or printed out automatically, copies are often abandoned in print trays. This is a risk for HIPAA-protected data and legal documents, as they should not be left out for anyone walking by the printer to pick up.

For this reason, it's crucial to look into printing solutions that reduce this risk, such as eGoldFax, a cloud faxing solution that requires users to intervene to retrieve faxed documents. uniFLOW is another solution for cloud-based printing that securely streamlines printing to save time and paper. To read more about how uniFLOW offers a secure solution to printing, read our article about it: What is uniFLOW Online?

Evaluate Your Organization’s Cyber Readiness

Now that you have learned the biggest mistakes to look out for, look at your business’ cybersecurity strategy. Implementing frameworks like Zero Trust can help you gain an edge against cyber criminals so they move on to target someone else. To learn more about the steps to creating a cybersecurity plan, read our blog: 7 Cybersecurity Essentials To Check Off.


About Jada Sterling, Digital Content Manager

Jada Sterling is Usherwood's Content Manager. She is responsible for developing content that furthers the mission of Usherwood Office Technology by helping clients and prospective clients better understand how technology can help grow their business.