It’s easier than you think for companies and business leaders to overlook cybersecurity.
Unfortunately, the nature of the threat means some of the biggest worries for your organization might actually be out in plain sight. Here are six kinds of cybersecurity risks that are regularly overlooked.
- Inconsistent or Nonspecific Cybersecurity Training
Employee meetings and training sessions are a hard sell — everybody knows that. Another obvious weakness in the cybersecurity strategy at your place of work is the people. More specifically, it’s how well and how consistently they’re trained on security essentials.
Since you don’t want to assume any one employee is automatically better versed on digital security than another, it makes good sense to standardize training. Everybody should be on the same page about the reality of the risks and how necessary a good human element is these days, even with all the anti-virus and anti-malware software available.
The understanding of what a phishing email looks like comes in handy just as much at home as it does in the office. It comes with an added bonus: Even though nobody likes extra meetings, 77 percent of surveyed employees stated that specific and consistent cybersecurity training helped them feel a greater sense of ownership over the company and its processes and assets.
- Poor Password Hygiene
It doesn’t matter how little or how much computing you do — internet passwords are everybody’s problem. When it comes to office culture and cybersecurity, poor password hygiene is an especially worrying house of cards. If one employee secures all their work accounts with the same password, that’s a lot of potential information that could go missing if somebody targets them for cybercrime.
The importance of good password hygiene isn’t as overlooked as it used to be, but some of the best solutions probably are. Investing in a password manager is always a good idea — and it’s something you can apply to office culture, too. Look for a password manager with cross-platform functionality if you need it, and search for multiuser plans to give everybody in the office the means to create and store their own strong passwords for everything they do at work.
- Not Taking Updates Seriously
This list entry is another one that gets talked about all the time, yet is still regularly responsible for personal embarrassment, as well as wide-scale disasters like WannaCry and Petya. These cybersecurity incidents exploited out-of-date software. More specifically, they took advantage of a window of vulnerability between a Microsoft patch going live and that patch being applied widely.
The point is not that clicking refresh on software updates all day long will prevent every possible instance in which a cybercriminal could exploit a vulnerability or back door. But setting everything you can to auto-update daily, at a convenient time, does stand a chance of keeping you safer.
- Hacktivism
“Hacktivists” regularly grab headlines these days when they seize digital secrets from the corrupt and the wealthy and either furnish them for public consumption or attempt to extort some kind of ransom for their return. Hacktivism has a history as long as the internet, and while its roots involve anti-war activism, hacktivism as a source of cybersecurity risk in the modern workplace is quite real.
Whether a company is actually complicit in wrongdoing or the public merely has that perception is practically immaterial. It’s also possible that hacktivism might be misdirected animosity from an employee who wants to put a spin on an act of revenge-based sabotage.
Regardless, if a hacktivist has singled out a company because they feel it has something that needs to be brought to light, it’s a serious potential breach of your records and a threat to your continuing profitability.
- Unsecured Personal Devices
BYOD culture — or bring your own device — is a great thing for employees and employers alike. It lets employees perform their duties in a digital workspace they already know and feel comfortable in. On the employer side, the lack of a serious learning curve and the small bump in productivity are welcome.
What’s less welcome are the cybersecurity risks that BYOD culture brings. It’s possible to permit and even encourage your teams to work on their own laptops and tablets, but this shouldn’t be done without a comprehensive and robust BYOD policy drawn up by your IT team. At a minimum, you should require that users access on-premises internet connections using VPNs and that all accounts are equipped with two-factor authentication.
- Mobile Malware and Ransomware
It was inevitable: As telephones grew more sophisticated and capable, they came to resemble mobile computers. Now, all that computing power is something we can leverage no matter where we are — but it comes with a lot of strings attached.
Malware has finally gone mobile. None of the modern mobile operating systems are exempt from risk, and there are multiple ways for malware to infect a device, including fake app downloads and Wi-Fi spoofing.
Ransomware is another threat to our personal and business cybersecurity. In one of the most famous cases, the U.K.’s National Health Service’s digital properties were held for ransom. Unbreakable protection is all but impossible, but ensuring your off-site and local data backups are always encrypted can give you some breathing room by keeping usable data out of would-be thieves’ hands.
The Bottom Line and a Takeaway
In today’s connected workplaces, there’s no single department within a company whose job it is to ensure everybody’s cybersecurity.
In fact, that’s the major message all across the digital landscape: No matter how large or small the company, it’s vital to speak and act as one when it comes to protecting digital assets and company property.
Kayla Matthews is a productivity and technology journalist with interests in big data, cybersecurity, IoT and other technologies. Aside from her tech blog, Productivity Bytes, you can read more of her work on CloudTweaks, Malwarebytes and IT Security Guru.