One Shockingly Common Blind Spot that Can Derail Your Company's Cybersecurity So you think your company's data is secure? If you haven't engaged your employees in cybersecurity, your company could be in danger.
Opinions expressed by Entrepreneur contributors are their own.
Few things have had such a drastic impact on workplace culture in recent years as the nearly overnight shift during the pandemic to remote work for just about every company for which such a business model was feasible. Instead of commuting into an office, a majority of employees are logging in to their jobs from home — and increasingly relying on cloud-based applications such as Google Drive or Dropbox to collaborate and get work done. Now that we've all gotten the hang of doing business via Zoom in our sweats, it's unlikely that many companies will ever go back to a full-time, everyone in the office, everyday scenario.
There is a downside to this situation, however. Reliance on cloud-based apps run on home computers and personal devices of your employees can leave your organization's data especially vulnerable to cyber theft and corruption. People are accessing company systems using their own network devices and services, many of which are not configured by default to be secure. Also, employees could be accessing the Internet in an open-access point where your Web activity is open and visible to anyone else on the Internet or they could be facing a situation in which a malicious actor has set up a Wi-Fi Access point to intercept and monitor wireless network connectivity. Juniper Networks reports that there has been a 400 percent increase in cybersecurity attacks against businesses since the pandemic began and this activity has a real cost attached, and Cybersecurity Ventures estimates cyber crimes will add up to about $10.5 trillion a year by 2025.
Related: A Business Leader's Beginner Guide to Cybersecurity
Lazy shortcuts and neglect leave your business vulnerable
Add to these variables the simple factor of bad habits and, well, laziness. According to recent data collected from more than 4,700 employees taking human resources training courses through my company, Emtrain, this year:
One in two reports using the same usernames and/or passwords across their work and personal accounts.
8 percent believe that security precautions on personal devices are more trouble than they're worth.
20 percent report not changing their work passwords since last year — or ever.
For business leaders, it's time to operationalize security — meaning weaving security practices and mindfulness into the daily actions and culture of your company's rank and file. That means continuing security education and awareness on a regular basis and making sure all of your employees are following the following important basic tips to mitigate risks.
Related: 6 Cybersecurity Must-Haves for Your Business
Just the basics: Simple steps for all employees to keep data safe
Before clicking through on any link or giving up any information in an e-mail, take the steps to verify its source. Call or visit the website and make sure it's a legitimate organization.
Keep your software updated. Configure automatic updates for your laptop operating system and applications (such as Microsoft Office 365, Adobe, Chrome browser, etc.).
Use a password manager so you don't have to remember or reuse passwords across accounts.
Change default admin/access default account passwords on home devices and anything with Internet connectivity (including TVs, Alexa, etc.).
Use antivirus software and keep it updated. Use endpoint antivirus/anti-malware protection software and keep it up-to-date.
In a nutshell, criminals are looking for any point of entry to steal your data. That means protecting ourselves in our cyber-enabled world is a company-wide team effort and not just the responsibility of the info security team. Even though companies spend millions of dollars on security, you're only as strong as each employee in the organization. If the employees are not trained and not on guard, you're completely vulnerable to an attack.