An average employee uses around 2.5 devices for work. So, imagine an organization with a thousand employees. That’s a whopping 2500 endpoints, or rather, 2500 different ways an attacker can breach your organization. Now, while IT and security teams are working tirelessly to keep these endpoints secure, it often boils down to the employees and how much they understand the value of good cyber hygiene.
Related: The World is Doubling Down on Cybersecurity
Minor errors can lead to huge data breaches
Last month, we observed another safer internet month, reiterating the importance of encouraging strong and secure security habits. In fact, Verizon’s 2023 Data Breach Investigations Report (DBIR) shows that 74% of cyberattacks are caused due to human error.
Consider the 2021 breach of Sequoia Capital, for example. The breach highlights the devastating potential of poor cybersecurity hygiene. Through a successful phishing attempt, attackers were able to expose sensitive data from one of Silicon Valley’s oldest and most notable venture capital firms. However, the responsibility for such a breach can be attributed to either the attacker’s ingenuity, the employee’s carelessness, or both. Yet, in other cases, poor security habits have directly affected an organization’s security posture.
Back in 2020, Marriott International experienced a data breach that affected 5.2 million guests. The attackers used the stolen login credentials of two employees to gain access to the hotel’s servers. This breach illustrates the danger of weak password policies and the need for robust authentication mechanisms.
These scenarios underscore a critical lesson: in the realm of cybersecurity, there is no margin for error. Every small oversight can be exploited, leading to significant and often devastating consequences.
Related: Cybersecurity Attacks Are On the Rise — Is Your Business Prepared?
Everyday actions that make a difference
Let’s start with the basics – Passwords. Verizon’s Report also found that stolen or compromised credentials are the leading entry point for data breaches, accounting for 49% of initial system access. Password security is easily overlooked yet remains a fundamental and crucial method of securing our systems. Either by themselves or through password managers, employees should be encouraged to use unique, complex passwords for each account and to change them regularly. Additionally, turn on multi-factor authentication (MFA) whenever possible.
One of the most essential steps that employees may take is being cautious while sending emails. The main culprit to be aware of here is phishing. Phishing remains one of the most prevalent methods cybercriminals use, with about 3.4 billion spam emails sent daily. This means that for every 4,200 emails sent, one will likely be a phishing scam. As seen with the Sequoia breach, these messages often masquerade as legitimate emails from trusted sources. Employees can significantly reduce the risk of phishing attacks by verifying the authenticity of email addresses and avoiding clicking on suspicious links. Furthermore, employees should also report suspicious emails to the IT department. Many users simply delete such emails, preventing IT from flagging them in the future.
Regular software updates are another simple yet effective measure employees can take to enhance security. I get it; OS updates alone are hectic, not to mention the dozens of other applications. However, ensuring that our devices and applications are always up to date with the latest security patches helps close potential entry points for attackers. A bonus tip – many updates can be configured to automatically deploy when shutting down. So, shut down your computer at least once every week.
Another frequent troublemaker is public Wi-Fi. Employees should be trained to use encrypted channels such as VPNs when using public Wi-Fi networks or avoid them in general if possible. Furthermore, employees should also be mindful of their surroundings when working with sensitive data in public, ensuring that no peeping toms can view this information.
Related: 3 Reasons to Increase Your Cybersecurity Protocols in 2024
Enforcing a resilient security posture
While cyber-hygiene and secure habits are critical for a resilient security posture, organizations must never put all their eggs in one basket. By leveraging modern solutions and practices, organizations can ensure that safer habits are consistently encouraged and supported.
Let’s start with Unified Endpoint Management (UEM) solutions. A UEM provides a tool for managing devices of varying form factors and operating systems from a single console. Such management capabilities allow admins to push policies that ensure that every employee follows safe security practices. For instance, a UEM can push password policies that ensure each employee uses unique and complex passwords and frequently changes them. On the other hand, a UEM’s network policies can restrict the use of public Wi-Fis and ensure that corporate-owned devices only connect to secure company networks.
Additionally, UEMs also provide patch management capabilities. This allows admins to keep every device in their organization, whether in their same office or half a world away, patched and updated.
Next up are Identity and Access Management (IAM) solutions. These tools manage user identities, ensuring that the right users have access to the right resources. Through capabilities such as single sign-on (SSO), multi-factor authentication (MFA), and role-based access control (RBAC), IAMs ensure that access privileges align with an employee’s role within the organization.
The final piece of the puzzle is employee training. However, while a puzzle might have a final piece, employee training is an ongoing process that every organization should continuously prioritize. Simulated phishing attacks, regular workshops, and ongoing awareness campaigns can help employees become more aware of the threats lurking around them and allow them to counter such threats better.
The tiny things matter significantly in the constantly evolving realm of cyber threats. By fostering a culture of security awareness and leveraging the right tools, businesses can build a resilient security posture that protects their endpoints, data, and employees.