Individuals might wait until the new year to resolve to drop bad habits, but where cybersecurity is concerned, businesses should not assume that they have the same luxury of waiting. Every day that a business or its employees continue with bad habits increases the risk that the business will suffer a serious cybersecurity breach. Hackers and cyber attackers rely on several bad habits fostered by employee inattentiveness and laziness to gain access to corporate networks.
Weak, Re-Used, or Unchanged Passwords
Nobody likes to use a different password for every online account, which leads to the bad habit of using the same, often weak password for every login, including logins for both work and personal matters. Using weak passwords that include sequential numbers or strings of alphabetized letters is an equally bad habit. Hackers who breached networks at LinkedIn and Tumblr were able to use these user propensities to sign in to user-established accounts at sites that were wholly unrelated to the targets of the hack. Password managers can help employees to break this bad habit by making it easier for them to use different passwords for every online login.
Indiscriminately Granting Permissions to Mobile Apps
A mobile device user who downloads apps onto the device can develop a bad habit of agreeing to whatever permissions are requested by those apps. This includes granting access to location data, mailing lists, social media accounts, and more. Businesses can protect themselves from problems associated with these permissions by limiting permissions on devices that they issue to employees. Many businesses that have a “bring your own device” policy, which enables employees to use personal devices, will not be able to control these app permissions. Employees should be educated on the risks of granting broad permissions to different apps. Breaking this bad habit simply requires a device user to pay attention to the permissions that apps are requesting when they are downloaded onto a device.
Clicking on Links and Attachments in Emails from Unknown Sources
Hackers have learned to prey on inattentive users’ curiosity, emotions, and bad habits with email messages containing enticing “clickbait” lead-ins, or that appear to come from legitimate sources with requests to forward confidential information or to take some other actions that can install malware on a corporate network. Every employee should be trained to be suspicious of any email that directs the recipient to click on an attachment or a particular website for more information.
Ignoring Updates
Many device users find popup reminders to update software and firmware annoying, and they frequently ignore those reminders as a result. The dangers of this bad habit were brought into sharp relief during the “WannaCry” ransomware attack that affected users in 150 countries in 2017. Many of the individuals and organizations that were targets in this attack could have avoided problems if they had simply installed a software patch that had been made available before the attack began. As with other bad habits, this one is free and easy to remedy with regular updates and installations of patches and bug fixes.
Using Free Wi-Fi
Free public Wi-Fi networks allow individuals to save the limited data on their cell phone plans, but the risks posed by those free networks far outweigh the cost benefits that this bad habit might give to a device user. Public Wi-Fi networks, for example, expose users to “man in the middle” attacks that can compromise personal data and network login information. Businesses can help their employees to break this bad habit by providing them with cellular data plans that let them bypass the temptation of free Wi-Fi.
Despite efforts to break bad cybersecurity habits, the “habit loop” often pushes people back into their old cyber-risky ways. Cyber insurance can help a company to save time, energy, and money when an employee’s bad habits lead to a successful cyberattack. Businesses can and should trust their employees to do the right thing where cybersecurity is concerned, but they should also expect that employees will relapse into bad habits that create cybersecurity risks. Cyber insurance is the final layer of protection against the consequences of those bad habits.
Absolutely – as powerful and sophisticated as our technical defenses might be, it's our behaviour which can make or break our cyber-safety.