#1: Undereducated in Cybersecurity/Human Error
Even though employees are the greatest asset for any business, undereducated workers can exist as a company’s top cybersecurity vulnerability.
With the widening gap of tech-savvy and tech-illiterate workers, it’s difficult to assess every employee’s understanding of cybersecurity. Employees who are comfortable with Microsoft Office and Google are often thought of as “tech savvy”, but they are usually unaware of the cyber attack tactics hackers use today.
One of the most devastating cyber attacks is spreading ransomware via a computer worm. This attack can easily be introduced by a loyal employee by one wrong click in an email or to a website with malicious software. Worms can infect every device on your entire network, including phones, tablets, computers, and servers. Side effects include encryption, lock you out from everything on your hard drive and rendering your computer system unusable. The scary thing is ransomware and worms can even infect your data backups, depending on how it’s setup.
Since a disaster is just one click away, it makes it even more important to train employees on topics like phishing emails, malicious websites, and company Computer Use Policies. Communication and training are often the best forms of cybercrime prevention.
After all, a system is only secure as its weakest link.
#2: Questionable Ethics
When money gets tight and the bills begin to stack up, people can become desperate. Think about how often people get their credit card stolen at a restaurant. A trusted waiter at a restaurant can easily collect credit card information and use it fraudulently– It’s the same thing with employees are your business.
Your employees often have access to databases, CRMs, billing, email accounts, or servers, and it’d be very easy for them to export data to a USB flash drive to sell or exploit later. Businesses that handle PII (Personal Identification Information), like social security numbers or birth dates, know this all too well. Medical records and social security numbers fetch a pretty penny on the dark web, the digital version of the black market.
However, it’s not just credit card information or bank records that a desperate employee can exploit. Sharing company trade secrets and intellectual property outlined in an NDA can also be detrimental to a business.
#3: Disgruntled Employees or Ex-Employees
It’s surprisingly popular. An employee will leave a company for whatever reason, and decide to delete vital company records for whatever reason. We’ve witnessed many companies that had to deal with data loss due to this scenario, and some business owners have taken the ex-employee to court over it.
Unfortunately, many business owners don’t give a second thought to how much information they share with their employees and provide individual user login accounts with separate passwords to track their online activity. Universal passwords entrusted to a disgruntled employee can easily be remembered or written down for off-site use when it’s harder to prove who did what and when.
Education is the Best Defense
If you’re concerned about your employees and how educated they are in the ways of hackers and cybersecurity, feel free to contact us at 860-785-6233 to learn about our in-depth Cybersecurity Employee Training program and Cybersecurity Risk Assessments to see how you’d fend against a malicious cyber attack.