If you run a small business, you are a target for cybercriminals. At this point, it’s just a fact of life. Hackers, scammers and cybercriminals of all kinds target small businesses because they are plentiful, and more often than not, they lack good cyber security (if they have any at all). Here’s the kicker: these criminals don’t need to use malicious code or advanced hacking skills to get what they want. In reality, many of them target your biggest vulnerability: your own employees.
It’s a sad truth, but every day, employees of small businesses let hackers right in because they don’t know better. They see an e-mail from the boss, open it and click the link inside. By the time they realize they’ve made a mistake, they’re too embarrassed to say anything. From there, the problem gets worse. Actions like this can end in DISASTER for your business.
The problem is that most employees don’t have the training to identify and report IT security issues. They aren’t familiar with today’s threats, or they don’t know not to click that e-mail link. There are many things employees are doing – or not doing – that cause serious problems for small-business owners. Here are five things people do that allow hackers to waltz in through your front door.
- They don’t know better. Many people have never been trained in cyber security best practices. While some of us may know how to protect our network, safely browse the web and access e-mail, many people don’t. Believe it or not, people do click on ads on the Internet or links in their e-mail without verifying the source.
This can be fixed with regular cyber security training. Call in an experienced IT security firm and set up training for everyone in your organization, including yourself. Learn about best practices, current threats and how to safely navigate today’s networked world.
- They use bad passwords. Many people still use bad passwords like “12345” and “qwerty.” Simple passwords are golden tickets for hackers. Once they have a username (which is often just a person’s actual name in a business setting), if they can guess the password, they can let themselves into your network.
Many security experts suggest having a policy that requires employees to use strong passwords. Passwords should be a mix of letters (uppercase and lowercase), numbers and symbols. The more characters, the better. On top of that, passwords need to be changed every three months, and employees should use a different password for every account. Employees may groan, but your network security is on the line.
- They don’t practice good security at home. These days, many businesses rely on “bring your own device” (BYOD) policies. Employees use the same devices at home and at work, and if they have poor security at home, they could be opening up your business to major outside threats.
How do you fix this? Define a security policy that covers personal devices used in the workplace, including laptops, smartphones and more. Have a list of approved devices and approved anti-malware software. This is where working with an IT security firm can be hugely beneficial. They can help you put together a solid BYOD security policy.
- They don’t communicate problems. If an employee opens a strange file in an e-mail, they might not say anything. They might be embarrassed or worry that they’ll get in trouble. But by not saying anything, they put your business at huge risk. If the file was malware, it could infect your entire network.
Employees must be trained to communicate potential security threats immediately. If they see something odd in their inbox, they should tell their direct supervisor, manager or you. The lines of communication should be open and safe. When your team is willing to ask questions and verify, they protect your business.
- They fall for phishing scams. One of the most common scams today is the phishing scam. Cybercriminals can spoof e-mail addresses to trick people into thinking the message is legitimate. Scammers often use fake CEO or manager e-mails to get lower-level employees to open the message. Criminals will do anything to trick people into opening fraudulent e-mails.
Overcoming these threats comes down to proper training and education. Phishing e-mails are easy to spot if you take the time to look at the details. For example, the CEO’s e-mail might be CEO@yourcompany.com, but the scam e-mail is from CEO@yourcompany1.com. It’s a small but significant difference. Again, it’s all about asking questions and verifying. If someone isn’t sure if an e-mail is legit, they should always ask.