Poor Cyber Security Awareness

Cyber security awareness is the combination of both knowing and doing something to protect a business’s information assets. When an enterprise’s employees are cyber security aware, it means they understand what cyber threats are, the potential impact a cyber-attack will have on their business and the steps required to reduce risk and prevent cyber-crime infiltrating their online workspace.

Mistakes commonly done due to lack of awareness are:

1. Opening Emails from Unknown People

Email is the preferred form of business communication Opening an unknown email, or an attachment inside an email, can release a virus that gives cybercriminals a backdoor into your company's digital home.

Solutions:

1.      Advise employees not to open emails from people they don't know.

2.      Advise employees to never open unknown attachments or links.

2. Having Weak Login Credentials

Repetitive passwords that use personal information, such as a nickname or street address, are a problem. Cybercriminals have programs that mine public profiles for potential password combinations and plug in possibilities until one hits. They also use dictionary attacks that automatically try different words until they find a match.

Solutions:

1.      Require employees to use unique passwords

2.      Add numbers and symbols to a password for increased security.

3.      Create rules that require employees to create unique, complex passwords of at least 12 characters; and change them if they ever have reason to believe that they have been compromised.

3. Having Access to Everything

In some cases, companies don't compartmentalize data. In other words, everyone from interns to board members can access the same company files. Giving everyone the same access to data increases the number of people who can leak, lose or mishandle information.

Solutions:

1.      Set up tiered levels of access, giving permission only to those who need it on each level.

2.       Limit the number of people who can change system configurations.

3.      Don’t provide employees with admin privileges to their devices unless they really require such set up. Even employees with the admin rights should only use them as needed, not routinely.

4. Lacking Effective Employee Training

Research shows the majority of companies do offer cybersecurity training. However, only 25% of business executives believe the training is effective.

Solutions:

Provide annual cybersecurity awareness training. Topics could include:

·         Reasons for and importance of cybersecurity training

·         Phishing and online scams

·         Locking computers

·         Password management

·         How to manage mobile devices

·         Relevant examples of situations

5. Not Updating Antivirus Software

Antivirus updates are important, should be handled promptly and shouldn't be left to employees.

Solutions:

1.      Set up all system updates to take place after work hours automatically.

2.      Don't let any employee, no matter what their title, opt out of this company policy.

6. Using Unsecured Mobile Devices

Every device should be password protected. If a device is lost or stolen, have a point of contact to report this to and steps taken to deactivate the device remotely.

Use endpoint security solutions to manage mobile devices remotely.

Don’t conduct confidential transactions using untrusted public Wi-Fi.