Get All Access for $5/mo

4 Things Your Employees Are Doing Right Now That Are Compromising Your Network Just because you know cybersecurity, doesn't mean your employees do.

By Jennifer Spencer Edited by Dan Bova

Opinions expressed by Entrepreneur contributors are their own.

In today's digitally connected world, your team has the unprecedented ability to quickly get the tools and information they need to streamline their work. But with all of that accessibility comes new risks to your cybersecurity. Malicious individuals are eager to gain access to the confidential information housed in your company's networks — and your employees can be an all-too-easy target.

Case in point: research from Stanford University and Tessian reveals that 88 percent of business data breaches are caused by employee mistakes.

Without sound cybersecurity training, your employees are likely going to continue making mistakes that have the potential to compromise your data — and your clients'. Understanding what they are doing wrong and setting things right is essential.

1. They're falling for phishing emails

Phishing scams are perhaps the most widely known example of how employees can compromise your network. These occur when an employee receives what seems to be a legitimate email asking them to click on a link or to provide certain information.

Unfortunately, simply clicking on a link could be enough to bring malware into your network. Employees must receive training to understand what these emails look like so they can send them to the spam folder where they belong.

As Steven Price notes in a blog post for Tech Rockstars, "The challenge is that phishing emails have gotten harder to spot. Scammers can spoof legitimate web addresses. They can make fake emails look like the real deal. But there are still plenty of minor details that indicate the e-mail is a fake. […] Training helps employees identify red flags."

Continues Price, "But more than that, it helps them identify changing red flags. For instance, a phishing email from 2010 looks nothing like a phishing email from 2020. Scammers stay ahead of the curve. They know the trends, and they know how to adapt. Your employees also need to know the trends and need to be ready to adapt."

Related: 5 Types of Employees Often Targeted By Phishing Attacks

2. They're doing work activities on an unsecured network

The rise of remote work has certainly benefitted employees and businesses by offering increased flexibility and reduced overhead. Unfortunately, the networks they use to access the internet may not be as secure as what you have in place in your office.

When an employee uses an unsecured wi-fi network (such as at a coffee shop or airport), hackers can easily intercept login information and other sensitive data that is transmitted via this connection. This includes emails, instant messages, bank account data — anything that the employee accesses while using this network.

Businesses must ensure that their own networks are fully secured, and provide strict instructions to employees regarding which networks they connect to for their work-related activities.

3. They're using outdated software

Most companies use a broad range of cloud computing tools, such as CRM software or logistics tracking. Most also use programs for word processing, accounting and other vital activities. Even for programs that don't seem to depend too much on the internet, ensuring that all software is fully up to date is crucial for preventing security breaches.

The reason behind many software updates is to address new security vulnerabilities that have been discovered. Failure to update software can leave loopholes that hackers can use to access the information being stored by your business. Similar issues can also result from using outdated hardware. Eventually, the hardware manufacturer will stop pushing updates for old equipment, leaving it vulnerable to security threats.

Ensure that your network administrator is keeping all software up to date. Remember that the cost of replacing old hardware will ultimately be much less than if you were to suffer a data breach.

Related: 5 Essential Considerations You Need to Make Before Investing in New Technology

4. They don't have good passwords

Easy-to-guess passwords (like "password" or "123456") are never a good idea — especially if your employees are using the same passwords for their work and private accounts.

As Clifford Colby and Sharon Profis explain in an article for CNET, "It's worth repeating that reusing passwords across different accounts is a terrible idea. If someone uncovers your reused password for one account, they have the key to every other account you use that password for. The same goes for modifying a root password that changes with the addition of a prefix or suffix. For example, PasswordOne, PasswordTwo (both bad for multiple reasons). By picking a unique password for each account, hackers that crack into one account can't use it to get access to all the rest."

Strong passwords use a mix of upper and lower case letters, numbers and special symbols. They should avoid using common words or phrases, as well as personal information that someone else might know.

A random combination of characters can be quite effective, even though your employee might need to write it down somewhere safe to remember it. Requiring strong passwords for business accounts and implementing two-factor authentication will help prevent easy breaches.

Are you helping your employees stay safe online?

Surveys indicate that 43 percent of workers don't receive regular cybersecurity training — and an additional eight percent have never been trained. This poses a major risk to your business, especially as phishing and other cybersecurity threats are becoming more prevalent and more sophisticated.

By ensuring that your employees know what to do — and what not to do — online, you can have greater confidence that their actions aren't putting your business at risk.


Jennifer Spencer

CEO of Energent Media

Jennifer Spencer is the founder of Energent Media, a digital marketing firm for tech startups. She is passionate about helping brands leverage content to share their stories with the world.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Leadership

10 Ways My Leadership Has Changed in 10 Years

Reflecting on the ways my approach to leadership has transformed over the past decade and the key lessons I've learned along the way.

Starting a Business

He Started a Business That Surpassed $100 Million in Under 3 Years: 'Consistent Revenue Right Out of the Gate'

Ryan Close, founder and CEO of Bartesian, had run a few small businesses on the side — but none of them excited him as much as the idea for a home cocktail machine.

Business News

'Life Changing to Many': MIT Makes Tuition Free For Families Making Less than $200,000

The sticker price for a year at MIT without aid is $85,960.

Operations & Logistics

What Every Entrepreneur Should Prepare for in 2025 — These Trends Could Make or Break Your Business

With AI, shifting supply chains and political forces reshaping the landscape, businesses across every sector face a pivotal year ahead. Here are three hard-won lessons that have helped me adapt to market changes — and can help you thrive in 2025.

Marketing

Want To Be a Great Marketer? Stop Thinking Like One

In an age of AI-fueled content overload, consumers crave genuine connection and meaningful marketing.

Business News

Watch 'The Banana That Broke the Internet' Sell for Millions at Auction

Justin Sun, Chinese collector and founder of cryptocurrency platform TRON, placed the winning bid of $6.24 million for "Comedian" on Wednesday.