When talking about cyber security, it’s tempting to focus on technology. Firewalls, two-factor logins, anti-virus software, and various other technological solutions often dominate discussions. In an ideal world, we’d be able to craft a technological solution for every problem.
Yet industry surveys routinely attribute the majority of breaches, with some estimates running as high as 90 percent, to human error. If you want to increase security, you have to take the human factor into account.
There are many steps you can take to improve end-user security. Let’s take a look at some tips for increasing end-user security at your company or organization.
Start with ironclad passwords
Passwords are possibly the weakest link in the cyber security chain. People tend to choose easy-to-guess passwords. In fact, one of the most common passwords has long been the word “password” itself.
Other common passwords include:
With the right tooling, you can deny-list common passwords, and passwords that have already appeared in public breach dumps, so they are rejected at creation time. Requiring a mix of letters, numbers, and symbols is a weaker control than it looks: people satisfy it with predictable substitutions such as “P@ssw0rd”, so a generous minimum length plus a deny-list check does more than composition rules. Whatever you decide, enforce it in the system at account creation and password change rather than relying on users to comply voluntarily.
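As an added example (not code from the original article), here is a Python password-screening routine that implements the controls just described: a deny-list of common passwords that also catches the usual leetspeak and trailing-digit tricks, a check against words the attacker can guess from context (user name, company), and a lookup against a breached-password corpus using the five-character SHA-1 prefix layout that k-anonymity range services use, so a real deployment could query such a service without sending the password. The common-password list and the breached corpus below are constructed for the example; the minimum length of 12, the normalisation rules and every function name are this example's own choices, not a standard.

```python
"""Password screening: deny-list, context words and breach lookup.

Added example, not code from the original article. The common-password set
and the breached corpus are constructed; a real deployment would load a
published list and query a range service with the hash prefix only.
"""
import hashlib
import re

MIN_LENGTH = 12  # assumed policy value; length matters more than character mix

# Constructed sample of common passwords; a real list has thousands of entries.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome", "admin", "iloveyou"}

# Substitutions people use to get past composition rules ("P@ssw0rd" -> "password").
LEET = str.maketrans("@0!$3457", "aoiseast")


def sha1_hex(pw: str) -> str:
    """Uppercase hex SHA-1 of the UTF-8 password, the convention range services use."""
    return hashlib.sha1(pw.encode("utf-8")).hexdigest().upper()


def build_breach_index(breached_passwords):
    """Group SHA-1 hashes by their first five hex digits (the k-anonymity layout)."""
    index = {}
    for pw in breached_passwords:
        h = sha1_hex(pw)
        index.setdefault(h[:5], set()).add(h[5:])
    return index


# Constructed breached corpus standing in for a real breach feed.
BREACH_INDEX = build_breach_index(["P@ssw0rd", "Summer2024!", "Welcome1", "Tr0ub4dor&3"])


def normalize(pw: str) -> str:
    """Lowercase, drop the digits/symbols people bolt onto the end, undo leetspeak."""
    base = re.sub(r"[^a-z]+$", "", pw.lower())
    return base.translate(LEET)


def breached(pw: str, index=BREACH_INDEX) -> bool:
    """Look the password up by hash prefix; only h[:5] would leave the host."""
    h = sha1_hex(pw)
    return h[5:] in index.get(h[:5], set())


def screen_password(pw: str, context=()) -> list:
    """Return the reasons a password is rejected; an empty list means accepted."""
    reasons = []
    if len(pw) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    norm = normalize(pw)
    if pw.lower() in COMMON_PASSWORDS or norm in COMMON_PASSWORDS:
        reasons.append("on the common-password deny-list")
    for word in context:  # e.g. the user name or the company name
        if word.lower() in pw.lower() or word.lower() in norm:
            reasons.append(f"contains context word {word!r}")
    if breached(pw):
        reasons.append("appears in a known breach corpus")
    return reasons


if __name__ == "__main__":
    for candidate in ["P@ssw0rd!", "Summer2024!", "Acme-Payroll-2024!", "correct horse battery staple"]:
        print(candidate, "->", screen_password(candidate, context=("acme", "jsmith")) or "accepted")
```

Note that “P@ssw0rd!” is rejected by the deny-list even though it satisfies a typical composition rule, while the long passphrase passes every check without containing a single digit or symbol.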
Another important thing to consider is communication. Your employees may not realize just how vulnerable a weak password is. Many people think “that’ll never happen to me”, but when it comes to weak passwords, getting hacked can happen to anyone.
Employees often write their passwords on sticky notes and leave them where anyone walking past can read them. Explain plainly that this is a serious risk, and give them a password manager so they are not forced to choose between a password they can remember and one that is strong.
A long passphrase made of several unrelated words is easier to remember and harder to guess than a short password dressed up with symbols, capitals, and digits; the first name of your favourite movie star plus the last name of your best friend in grade school plus two more unrelated words is one way to build one. Randomly generated passwords stored in a password manager are better still.
Some companies require employees to change their password on a fixed schedule. A forced change is valuable when there is reason to believe the password has leaked, but there is good evidence that routine rotation pushes people toward weaker, predictable passwords (“Summer2024!” becoming “Autumn2024!”), and current guidance such as NIST SP 800-63B recommends against mandatory periodic changes. Require a change when a password shows up in a breach or a compromise is suspected, not merely because the calendar says so.
Educate your employees on phishing and how to spot attacks
Phishing is one of the most common types of cyber-attack. Attackers pretend to be a legitimate authority, such as Google or even your own company’s IT team. They send an email asking someone to type in their password or “confirm” other sensitive details, and often direct the victim to a fake site with a legitimate-looking login screen. The fake site usually has a plausible domain name and a valid HTTPS certificate, so the browser padlock proves nothing; the tell-tale signs are a sender address that does not match the display name and links whose visible text does not match where they actually go. Once a user types in their credentials, the attacker has them.
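To make those tell-tale signs concrete, here is an added Python example (not code from the original article) that inspects a single e-mail for the two indicators described above: a display name that claims the organisation while the address belongs to a different domain, and anchor tags whose visible text shows a trusted URL while the href points elsewhere. Both messages below are constructed for the example, the `TRUSTED_DOMAINS` allow-list is an assumed organisational setting, and the two-label `registrable_domain` heuristic is a simplification that ignores multi-part public suffixes such as `.co.uk`.

```python
"""Phishing indicator check for one RFC 5322 message.

Added example, not from the original article. Messages and the allow-list
are constructed; the domain heuristic is deliberately simple.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"example.com"}  # assumed: the organisation's own domain(s)

# Constructed phishing message: spoofed display name, look-alike link target.
RAW_EMAIL = """\
From: "Example Corp IT Helpdesk" <helpdesk@example-corp-support.net>
To: alice@example.com
Subject: Action required: confirm your password
Content-Type: text/html

<html><body>
<p>Your mailbox will be suspended. Please <a href="http://examp1e.com.login-verify.top/reset">
confirm your password at https://example.com/reset</a> within 24 hours.</p>
<p>Questions? See <a href="https://example.com/help">https://example.com/help</a>.</p>
</body></html>
"""

# Constructed benign message from the real helpdesk, for comparison.
CLEAN_EMAIL = """\
From: "Example Corp IT Helpdesk" <helpdesk@example.com>
To: alice@example.com
Subject: Scheduled maintenance
Content-Type: text/html

<html><body><p>Details: <a href="https://example.com/help">https://example.com/help</a></p></body></html>
"""

URL_RE = re.compile(r"https?://[^\s<>'\"]+")


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join(self._text).strip()))
            self._href = None


def registrable_domain(host: str) -> str:
    """Last two labels of a hostname; a simplification that ignores .co.uk-style suffixes."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def analyze(raw: str) -> list:
    """Return human-readable phishing indicators found in one message."""
    msg = message_from_string(raw)
    findings = []

    # Indicator 1: display name invokes our brand, address is on a foreign domain.
    name, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    if registrable_domain(sender_domain) not in TRUSTED_DOMAINS:
        for trusted in TRUSTED_DOMAINS:
            brand = trusted.split(".")[0]
            if brand in name.lower():
                findings.append(f"display name '{name}' claims {brand} but sender is {sender_domain}")

    # Indicator 2: link text shows one domain, href goes to another (or to plain http).
    extractor = LinkExtractor()
    extractor.feed(msg.get_payload())
    for href, text in extractor.links:
        parsed = urlparse(href)
        href_host = parsed.hostname or ""
        shown = URL_RE.search(text)
        if shown:
            shown_host = urlparse(shown.group(0)).hostname or ""
            if registrable_domain(shown_host) != registrable_domain(href_host):
                findings.append(f"link text shows {shown_host} but href goes to {href_host}")
        if parsed.scheme == "http" and registrable_domain(href_host) not in TRUSTED_DOMAINS:
            findings.append(f"plain-http link to {href_host}")
    return findings


if __name__ == "__main__":
    for label, raw in (("phish", RAW_EMAIL), ("clean", CLEAN_EMAIL)):
        print(label, analyze(raw) or "no indicators")
```

Hovering over a link before clicking is the manual version of the second check; the point of the example is that the visible text “https://example.com/reset” tells you nothing about the href behind it.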
Employees should verify through a separate, known channel, such as the helpdesk number or ticketing system they already use and never a contact given in the message itself, every time someone asks for something sensitive or confidential. This includes:
- Social Security Numbers
- ID numbers
- Answers to security questions
- Any login credentials
Phishing and other attacks based on social engineering are now very common. While the word “hacker” might conjure up the image of someone writing code, in practice many attackers focus on hacking people rather than software.
Here again, communication is key. Employees first need to understand how serious phishing attacks are and how sophisticated social engineering can be.
In one case, scammers impersonated the French defense minister, going as far as wearing a silicone mask and setting up a government-like office for video calls with their targets. The scammers secured more than $90 million before being caught.
Connect to the web safely
The Internet can be a dangerous place, especially in terms of cyber security. If employees are going to work offsite and use laptops outside of the office, it’s smart to set up a Virtual Private Network (VPN). A VPN encrypts traffic between the laptop and the company’s VPN gateway, so someone on the same coffee-shop network cannot read or tamper with it. It does not vouch for the sites a user visits afterwards, so it complements, rather than replaces, the phishing training above.
Also, work with your IT department to choose endpoint protection that covers both conventional malware and ransomware. While these solutions can’t provide complete protection, they add an extra layer of defense.
Employees should also be trained never to open links in emails or download attachments until they have verified that the message came from a legitimate source.
Finally, configure devices not to connect automatically to public Wi-Fi networks. These networks may be controlled or monitored by an attacker. Users should only connect to networks they know and trust, preferably through the VPN.
Outline and teach best practices
As you can see, there are a lot of factors to consider. As a company, you need to put together a written set of best practices for employees. These practices should cover all of the concerns above and more, and they should teach employees how to protect both themselves and the enterprise.
Your IT department, in particular, needs to follow best practices of its own: keeping software patched and up to date, setting up data backup and recovery tools, and periodically testing that backups actually restore, since an untested backup is only a hope.
Data should be encrypted in transit and at rest. There should also be clear rules for working with outside parties, for where files may be stored, for how versions are tracked, and for similar day-to-day decisions.
Accounting for human error and other cyber security risks is far from easy, but well-thought-out best practices will help reduce the burden.