While businesses continue to manage corporate-level cyber security risks, untrained or unaware employees can make their employers and themselves vulnerable to attacks. In 2024, Forrester predicts 9 out of 10 attacks compromising data will involve so-called human risks.
With increasingly sophisticated, AI-assisted data breaches targeting individuals’ business and personal information, Michael Beamon, Cone Health’s IT manager responsible for cyber security and access, offers the following tips:
Train employees to be vigilant since online fakes look increasingly real: Individuals are vulnerable to phishing, fake sites and other online scams. Fraudulent emails and websites, which often solicit personal information, passwords and credit card numbers, increasingly look and function like the real thing. “Even if employees quickly realize that the link they clicked is fake and nothing appears to happen, they need to know to report the incident to the IT department,” urges Beamon. “Top concerns include drive-by malware downloads, credential harvesting and other compromises affecting businesses and individuals, including personal fraud and identity theft.”
Password management best practices are important at work and at home: Some people, in response to password fatigue, may use the same weak passwords at work and at home. Unfortunately, 75% of people use poor password practices with 8 out of 10 breaches caused by compromised credentials, according to Verizon’s Data Breach Index Report.
Using long, 14-16-character passwords, two factor authentication and different passwords across sites and software help manage risk. “While it can be tempting, using the same password at work, your bank and online shopping sites is never a good idea,” adds Beamon.
Ensure employees understand and follow company-approved software and related download policies. Downloading freeware, trialware or even other versions of software currently used at work can open up a Pandora’s box of trouble for companies, according to Beamon.
Employees should understand that companies have software policies in place to ensure computer and network security, including from malware infections and unsecure sites. Also, pirated or unlicensed software usage can pose corporate legal issues as well.
