How to Curb Your Employee’s Worst Security Habits

Tech Masters recently released our Ultimate Guide to Working Remotely! Click here to get your free copy! It’s a great primer (or refresher) for getting your employees set up to work remotely, communicate efficiently, and complete their work productively.

This week we’ll dive in a little deeper on the issue of cybersecurity.

This can be a thorny problem when you recognize that more people working across multiple locations means more opportunities for hackers to take advantage. It’s easy to fall into bad habits, but it’s hard to recognize the serious threat they make until a significant breach happens. Stay ahead of cybersecurity threats with our top tips for curbing your employees’ worst security habits.

Not Taking Threats Seriously

My dad used to say “Nobody goes to the beach expecting to drown.” A little dramatic maybe, but it had the desired effect of keeping five rowdy kids close to the shore while on vacation. 

Most people don’t expect the worst to happen to them at any given moment; we all think that we are the exception to the rule. Just like nobody goes on spring break intending to contemplate their mortality, very few people (outside of IT professionals) walk into their office thinking about all the ways they might accidentally cause a cybersecurity breach.

According to a 2019 report by Verizon, 43% of cyber attacks were targeted at small businesses. That’s a terrifying number, especially when you take into account that only 14% of small businesses self-rate their cyber security as highly effective.

The threats are very real. From malware to trojans, there are numerous ways for a hacker or a virus to get into your system and wreak havoc. Awareness of the problem is the first step to addressing bad habits.

Relying on a basic firewall

It is easy to think that all you need is the basic security systems that come with your laptop or preferred web browser. But basic isn’t good enough. Remember the analogy of your firewall being the protective barrier around your castle? To continue the analogy, you want to make sure that castle barrier is a solid stone wall around your castle, with maybe even an alligator-filled moat around it for good measure! The more barriers you have, the better your chances of avoiding a cyber attack.

Using multiple types of firewalls is a good investment, even with the cost incurred to do so for all of your remote employees. It’s better to invest the time and resources into upgraded firewalls now, than to have to deal with the fallout and financial implications of a data breach later.

Not having a disaster/recovery plan in place

Speaking of data breaches, do you know what your first steps would be in terms of a disaster/recovery plan? No one likes to plan for the worst (again, it’s like contemplating your mortality on spring break…no fun!) But the businesses that are ahead of the game are the ones that take the time to think critically about both the potential flaws in their security systems and the steps they would take to recover and secure their data.

This extra investment in planning will pay you enormous dividends when (not if!) you deal with a data disaster. Having a nimble team and a roadmap in place could be the difference in your business recovering vs. your business going under.

Forgetting email protection

Email can be one of the easiest ways to break into a secure system. Most people rely on whatever malware is built into their email system, but that will not be enough to protect against bad habits like using poor passwords, not logging out of your email before you exit the browsing window, or clicking on suspicious links from unknown senders. 

According to a Harris Poll that was conducted with Google, employees reuse one password an average of 13 times! It’s important that your employees use a different, strong password for every system that they log in to. There are apps available such as LastPass that provide a secure way to store all your passwords so you won’t forget which password gets you into which system.

Yes, all of these baby steps take time, even with a tool as great as LastPass. It can be easy to think “I’m just repeating this password once” or “oh, I’m just going to grab a quick snack, I can leave my browsers open.” But you never know when or where a security breach will happen, so it is important that your employees are vigilant about email security.

Not using multi-factor authentication

Okay, so this one does have to do with you more than your employees. But setting up multi factor authentication is another way to ensure the security of your passwords while encouraging good password use by your employees. 

Two-factor authentication, for example, requires your employee to take an additional step to enter a secure system. This adds one more layer of protection to your email and other electronic systems. The more layers of security you require, the harder it will be for someone to access your files and data. So even if you do have that one employee who has duplicated a password, having multi factor authentication will help keep their account and your data secure.

Forgetting to update your software

Yes, it is tedious to update your software every time a reminder pops up. Haven’t we all clicked the “wait 24 hours” option as many times as possible? But updating your software is an important part of maintaining cybersecurity for your work devices. 

Remember when Apple released iOS with a flaw that made the iPhone vulnerable to “maliciously crafted” JPEG files? Yeah, that’s why companies are constantly releasing updates.

New updates often include security updates that will help protect your data and hardware from malicious viruses, so not processing those updates in a timely manner puts your information at a significant risk.

Connecting to unsecure locations

Here’s the beauty of working remotely–if your employee needs a little mental break, they can pack up the laptop, mask up, and head to the park or a coffee shop with outdoor seating to work for a bit. One of the great benefits of working remotely is the ability to change your scenery when you need inspiration or motivation.

But working remotely does bring about the possibility that an employee might log in to an unsecure network. This is a big one, and this really comes down to you putting effective training and regular communication in place for your staff. Remind them to only log in to secure wi-fi when working away from their home or office.

Putting all of these security measures in place, coupled with regular employee training, will ensure that your small business data stays secure.

Do you want regular tips for cybersecurity? Subscribe to our monthly tech guide! Our newsletter provides updates on business and IT news, cybersecurity tips, and more ways to support your growing business. Sign up here.