
Posted by A-Jay Orr

7 Security Mistakes Employees Make Every Day

When Verizon released their Data Breach Investigations Report for 2014, they revealed an interesting statistic. About 58 percent of cyber security incidents in the public sector were caused by (drum roll, please)…


34 percent of cases were accidental and 24 percent were malicious. BakerHostetler released a similar report for 2015, and according to their research:

Employee negligence is the biggest cause of data breaches, out-performing theft, malware and phishing attacks.

You can encrypt your data and invest in the latest technologies to safeguard your organization, but what about employee oversights and internal ill-intent? It’s time to ask yourself — are your employees making these 7 security mistakes?

1. Not Changing Passwords

The obvious initial offense is failing to properly password protect company data. Here’s how they’re accidentally botching your business’s first line of defense (the last bullet point’s a big one):
  • Using weak passwords that are easy to guess or crack
  • Forgetting to regularly change passwords
  • Repeatedly recycling the same passwords
  • Posting their password on a sticky note next to their monitor
  • Allowing browsers to memorize usernames and/or passwords

2. Not Reporting Oddities

Sometimes, our devices do weird things, and we chalk it up to a “glitch” or assume it’s some sort of normal technological inconsistency when in fact, it’s malware or a virus, silently boring a hole through your network. Educate your employees on how to recognize when oddities are a warning sign and urge them to immediately report the issues to your vCIO or IT department. And IT people…be nice to your co-workers, even if their questions are silly!

Malware symptoms

  • Your default homepage automatically changes to something other than your preference
  • Search results keep sending you to the same weird site
  • Firewall and antivirus programs automatically and repeatedly turn off
  • You cannot access secure websites
  • You cannot update your anti-virus
  • You have pop-ups
  • Your computer speed significantly slows
  • Strange icons or new shortcuts appear on your desktop
  • New programs appear in the add/remove programs section of your control panel
  • New favorites appear on your favorites toolbar
  • Performance issues occur within your Windows programs
  • Instead of receiving a 404 error page for unfound websites, you are redirected to a strange site
  • Your firewall keeps alerting you
  • You see emails bouncing back that were sent without your consent
  • Weird toolbars appear in your web browser
  • You see charges on your phone bill for 1-900 numbers
  • Spyware elimination programs like Spybot or Ad-Aware, or Windows Task Manager, will only pop up for a moment before disappearing
  • The Java console appears in your task bar despite not having run any Java software

Virus symptoms

  • Strange messages or displays on your monitor
  • Weird sounds or music that plays on your computer at random
  • Disappearing device memory
  • Disk or volume name has been changed
  • Missing programs or files
  • Unknown programs or files that appear on your computer
  • Files that become corrupt or don’t work properly

3. Clicking Foreign Email Links

Employees are still neglecting to exercise caution when they receive an email link. In their defense, cybercriminals are coming up with some impressive disguises. But regardless, your employees need to consider two things before even thinking about clicking an email link:
  1. Check the sender’s email address. Does it make sense? E.g. if the subject line and message claim to be from Chase Bank, but the sender’s email is from a Gmail account — the email is definitely a scam.
  2. Check the body of the email for broken English or major grammatical errors. In most cases, email attacks come from overseas.
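
For IT teams who want to automate the first check, here is an added example (not part of the original post) that compares the brand an email claims in its display name or subject with the domain it was actually sent from. The brand-to-domain allowlist and the sample messages are constructed assumptions for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed allowlist: brand keyword -> domains that brand legitimately sends from.
# Illustrative only; an organization would maintain its own list.
BRAND_DOMAINS = {"chase": {"chase.com"}, "paypal": {"paypal.com"}}


def sender_domain(msg):
    """Return the lower-cased domain of the From address ('' if unparsable)."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def domain_matches(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def check_sender(raw, brands=BRAND_DOMAINS):
    """List brands an email claims (display name or subject) but is not sent from."""
    msg = message_from_string(raw)
    display, _ = parseaddr(msg.get("From", ""))
    claimed_text = f"{display} {msg.get('Subject', '')}".lower()
    domain = sender_domain(msg)
    return [b for b, allowed in brands.items()
            if b in claimed_text and not domain_matches(domain, allowed)]


# Constructed sample messages (not real mail; addresses are made up).
SPOOFED = (
    "From: Chase Bank <chase.alerts2014@gmail.com>\n"
    "Subject: Your Chase account has been locked\n\n"
    "Click here to verify.\n"
)
GENUINE = (
    "From: Chase <no-reply@alerts.chase.com>\n"
    "Subject: Your Chase statement is ready\n\n"
    "Sign in to view it.\n"
)
# Brand name used as a prefix of an unrelated domain: must still be flagged.
LOOKALIKE = (
    "From: Chase Support <help@chase.com.example.net>\n"
    "Subject: Action required\n\n"
    "Update your details.\n"
)

if __name__ == "__main__":
    for name, raw in [("spoofed", SPOOFED), ("genuine", GENUINE), ("lookalike", LOOKALIKE)]:
        print(name, check_sender(raw))
```

A From domain that matches is not proof the email is legitimate, since that header can be forged; this only automates the visual check described above.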

4. Not Adhering to the Company BYOD Policy

Nearly 50 percent of companies that allow BYOD have experienced a data breach. And 30 percent of employees admit their organization doesn’t even have a BYOD policy! Your first mistake is allowing BYOD and not having a strict set of guidelines for employees to follow. But even if you do, here’s where employees go wrong:
  • They interact with unauthorized applications like personal email, online banking, online bill paying or online shopping.
  • They allow family members to use their work device (hands off, kids).
  • They sell an old device without wiping it clean, leaving potentially confidential information behind.
  • They don’t report security problems to their organization.

5. Leaving Workstations Logged in and Unattended

It’s worth repeating…24 percent of employee-induced cybersecurity breaches are malicious in intent. And one of the ways employees get away with this sort of crime is by committing it from someone else's computer. Employees need to make logging out a habit. Better yet, set up each computer station to automatically log users out after a predetermined period of inactivity.

6. Sharing Login Credentials

Refer to number 5. Sharing login credentials is like handing a bad employee a crutch. If they’re looking to maliciously jeopardize your confidential information — snagging someone else's login credentials is their free ticket in and out.

7. Not Keeping Programs Up to Date (i.e. Java, Adobe, etc.)

Software isn’t perfect, and as the world evolves, so too must programs to account for changes. Updates get a bad rap because at times, they can do funny things to your devices. But each time an update is offered, there’s usually a new security patch included. Failure to keep up with these updates means your employees are leaving programs (and subsequently, computers and attached networks) unnecessarily susceptible to attacks.

Even if you do everything in your power to protect your business, a cyber attack is a possibility that should not be taken lightly. Consider partnering with a vCIO for added security and support. A vCIO will not only conduct regular assessments to ensure the gaps in your security strategy are closed, but they will also lead resolution should a breach occur.