Cyber security is important for all organizations. Insecure employee behavior with technology can compromise your organization’s cyber security and have a major impact on the organization as a whole. Here we will explore 3 impacts of insecure employee behavior with technology, but before we dive into that let’s first go over some of those common behaviors.
Common Insecure Employee Behaviors with Technology
Weak Passwords
Passwords are a crucial layer in any cyber security strategy, yet they are often the layer people neglect most, which leads to poor password practices. Cybercriminals can crack passwords in a variety of ways, from obtaining leaked lists on the dark web to running password-cracking programs. To combat these and other tactics, consider the following.
- Your passwords should be at least 14 characters long.
- Passwords should include upper and lower case letters, numbers, and special characters. It can even help to create passphrases to aid in remembering the password. These passwords should also be complex to make them harder to crack.
- Passwords should not be saved on your computer, whether that is in the browser or in a document, as these can be insecure places for storage. If you need to store your passwords, consider a password manager.
- Do not reuse passwords on multiple accounts. If one site has a data breach, that password can end up on the dark web and cyber criminals can try it on other websites.
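The rules in the list above can be enforced automatically when a password is set. The following is an added example, not code from the original article: the function name, the leaked-password sample and the `other_account_digests` input are assumptions made for illustration.

```python
import hashlib

MIN_LENGTH = 14  # minimum length given in the list above

# Constructed sample standing in for a leaked-password list. Digests are used
# here only for set lookup; this is not a password storage scheme.
LEAKED_SHA256 = {
    hashlib.sha256(p.encode()).hexdigest()
    for p in ("Password123456!", "Summer2024!Summer", "Qwerty!234567890")
}

# The four character classes named in the list above.
CLASS_TESTS = {
    "upper case letter": str.isupper,
    "lower case letter": str.islower,
    "number": str.isdigit,
    "special character": lambda c: not c.isalnum() and not c.isspace(),
}


def password_violations(candidate, other_account_digests=()):
    """Return the rules from the list above that `candidate` breaks.

    other_account_digests: SHA-256 hex digests of passwords the same user
    already has on other accounts (hypothetical input for this example).
    """
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("shorter than 14 characters")
    for name, test in CLASS_TESTS.items():
        if not any(test(c) for c in candidate):
            problems.append(f"missing {name}")
    digest = hashlib.sha256(candidate.encode()).hexdigest()
    if digest in LEAKED_SHA256:
        problems.append("appears in leaked-password list")
    if digest in set(other_account_digests):
        problems.append("reused from another account")
    return problems


if __name__ == "__main__":
    for pw in ("short1!A", "Password123456!", "Tr4il-Mix&Lantern7"):
        print(repr(pw), password_violations(pw) or "ok")
```

A long, complex password that already appears in a leaked list is still rejected, which is the case the length and character rules alone would miss.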
Phishing Susceptibility
Phishing is the practice where cyber criminals use social engineering tactics to try and trick people into unknowingly installing some sort of malware. That malware could then be used to obtain information from or access the computer remotely and steal your data. Phishing is currently one of the most common forms of cyber attack. The human user is often the weakest layer in cyber security because if someone at your organization can be tricked, then a cyber-criminal can possibly access your organization’s entire network.
Sharing Credentials
Similar to the use of weak passwords, another common insecure employee behavior with technology is sharing user credentials. Sometimes people end up sharing accounts by sharing the login credentials with each other. This is very risky (and sometimes completely against the user agreement) because it provides more opportunity for the account to be compromised. One user could fall for a phishing scam, or the credentials could be sent insecurely via email or a similar channel, making it easier for a cybercriminal to intercept them.
Impact on Organization Strategy
If you act on one or more of these common insecure behaviors on a personal device, it is possible that you are the only one impacted, although cyber attacks often spread and impact many people even when they target a personal device. When it comes to employee behavior, an insecure environment can have major impacts on an organization. Here are three ways your organization could be impacted by insecure employee behavior.
- Data breaches – If an employee falls for a phishing scam, your organization’s data could be breached. That might mean being subject to ransomware, or the organization’s digital property could be stolen.
- Financial loss – A data breach is costly. Not only does it include the potential monetary assets stolen by the cybercriminal, but it also includes things like possible legal fees and reputation damage control.
- Reputation damage – Having a cyber-attack happen to your organization can really impact your reputation. For example, if your organization sells products online then people might not feel comfortable submitting their payment information on your website for fear of that information being stolen.
Mitigating Insecure Employee Behavior with Technology
Now that we have looked at a few insecure employee behaviors with technology and the impact they can have on your organization, let’s go through 3 areas to focus on mitigating the impacts of those insecure behaviors.
- Employee training and awareness – Quality training that helps your employees develop a better awareness of the threat landscape for technology is very important. This training can cover a wide scope of cyber security topics, but it is important to have a program that includes educational videos with follow-up quizzes and simulated practices (like simulated phishing emails sent to employees).
- Strong authentication practices – Implement requirements for passwords so that they all need to be strong and complex. Consider a password manager for your organization and also activate multi-factor authentication (MFA) for all accounts you are able to.
- Access control and least privilege – In a network, each user has access to certain areas of the network based on their user privileges. Under the concept of least privilege, each user on the network has access to the fewest files and the least network access possible for their position. This can prevent certain parts of the network from being compromised should a certain user account be breached.
Conclusion
The threat landscape for technology is constantly changing. It is even more critical for organizations to address any insecure employee behavior with technology in order to better protect their digital assets. Doing so can create another layer of security for your overall cyber security strategy.
How do you plan to take this next step for your organization’s security?
As always, we are here to help.