In today’s world of cyber-attacks, it’s not always the bad guys in dark alleys that pose the biggest threat to your computer network. Nope, the real culprits are hiding in plain sight… they’re your very own employees and contractors!
Your team may be savvy at spotting scams and avoiding red flags, but all it takes is one lapse in judgment for a malicious software to sneak into your network. So, while you’re busy keeping an eye out for external threats, don’t forget to also watch out for the unintentional dangers your co-workers may pose.
Mistakes happen, but if you’re prepared, you can train your team to avoid those “oops” moments. Here are three ways your co-workers may be putting your company at risk:
1: Logging into unsecured websites – Your employees are always searching the web for information, but they may not realize that a website could be unsecured or even fraudulent. These sites may appear legitimate but can contain malware that can infect your device.
Here are several steps from Norton to know if a website is safe:
- Check for the SSL certificate. That website isn’t encrypted if you only see HTTP within a URL. So, your online activity is visible to bad actors. In contrast, HTTPS means that the same website encrypts its website through a security feature provided by an SSL certificate.
- Double-check the domain. You can never research a website ENOUGH. It can take less than a minute to search the website name on Google, Better Business Bureau, or Trustpilot, to name a few.
- Verify ownership. You can take one step further in verifying if a website is legitimate with the help of online tools like Whois Lookup. You’ll find the name of the registered individual or legal entity that owns the website.
2: Falling for social engineering attacks – Have you ever received an email from a “friend” in distress, asking for your help? This is a classic example of social engineering, where bad actors manipulate people into giving out confidential information.
Here are a few tips from WebRoot to protect yourself from a social engineering attack:
- Delete any request for financial information or passwords. No “friend,” financial institution, IRS, etc., will ever ask you to reply to their message with your personal information. It’s a scam.
- Reject requests for help or offers of help. If you have yet to request assistance from any company and a company is reaching out to help you, do not provide any information. Additional examples may include companies offering to help with your credit, refinance your home, etc. Delete the message ASAP.
3: Sharing passwords and credentials – Your co-worker may need access to your system but giving them your password can put your online accounts at risk. All it takes is one mistake, and your confidential information could be compromised.
Here are some steps to follow for passwords:
- Don’t share passwords. Your personal information and your company’s confidential information are valuable. So valuable that bad actors would love to access it to hold it for ransom.
- Use unique passwords. For many of us, we like familiarity. It makes it easier to remember. When it comes to passwords, use different ones for your bank or your email for your work computer. Be unique and use different passwords.
- Enable multi-factor authentication (MFA). Adding MFA as an additional security measure provides that extra step that deters bad actors and makes it harder to access your password.
We love helping companies keep their network and data SAFE. We aim to educate your organization on proper procedures and integrate suitable preventive measures which align with your business goals. We’d love to discuss how we might do both, so you have one less thing to worry about in 2023. So, if you’d like to learn more about how to protect your business, click here.