Cyber-attacks continue to grow in the US, and businesses that don’t properly secure their systems and inform their employees are exposing themselves. Symantec revealed in its 2016 Internet Security Threat Report that 430 million unique pieces of malware were created in 2015 alone. Below are some shocking stats from the report:
- Over half a billion personal records were lost or stolen in 2015
- Spear-phishing campaigns targeting employees increased 55%
- Ransomware increased 35%
We asked our IT team here at NextLOGiK to put together a list of the most common mistakes they see on a daily basis that put organizations at risk. Review the mistakes below and learn how they can easily be remedied and lead to more secure business practices.
Opening email attachments from people you don’t recognize
- Check the context of the email message. If anything looks suspicious or the person is asking you something that they wouldn’t usually ask you to do, it’s more than likely spam.
- Check the sender. Don’t recognize it? Google the domain name after the @ symbol to see if it is a legitimate domain/business.
- Still unsure? Send the email to your email administrator to verify whether it is spam.
Forwarding emails with attachments from people you don’t recognize
- Notify your IT administrator. Even if you haven’t opened the attachment, other employees could have been targeted as well.
- Do not forward the email to anyone else in your organization. This increases the chance of a malicious attachment being clicked on accidentally.
Using common passwords
- While this password security tip is more commonly enforced when signing up for online services, we still see employees using yourname123 and yourbirthday.
- Re-work your current passwords, using numbers and capital letters intermittently along with uncommon symbols. If you have newyork as your password, try changing it to something like N3wY0rK! Even though it is not very complex, it would not be guessed as easily.
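An added example (not part of the original post): a Python check for the patterns described above. It flags passwords built from the user's name, birthday, or a common word, including after character swaps like those in N3wY0rK! are undone. The word list, swap table, and sample user details are constructed for illustration.

```python
import re
from datetime import date

# Constructed sample list; a real check would load a large breached-password list.
COMMON_WORDS = {"newyork", "password", "welcome", "letmein", "qwerty"}

# Undo the usual character swaps so "N3wY0rK!" compares as "newyork".
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def candidates(password):
    """Return normalized forms: whole string, and with trailing digits/symbols cut."""
    lowered = password.lower()
    stripped = re.sub(r"[\d\W_]+$", "", lowered)
    return {lowered.translate(LEET), stripped.translate(LEET)}


def birthday_forms(born):
    """Digit strings people commonly derive from a birth date."""
    formats = ("%m%d%Y", "%d%m%Y", "%Y%m%d", "%m%d%y", "%Y")
    return {born.strftime(fmt) for fmt in formats}


def weak_reasons(password, full_name, born):
    """List why a password is guessable for this user; empty list means no hit."""
    reasons = []
    forms = candidates(password)
    if any(word in form for word in COMMON_WORDS for form in forms):
        reasons.append("common word")
    name_parts = [p for p in re.split(r"\W+", full_name.lower()) if len(p) >= 3]
    if any(part in form for part in name_parts for form in forms):
        reasons.append("contains name")
    digits = re.sub(r"\D", "", password)
    if any(form in digits for form in birthday_forms(born)):
        reasons.append("contains birthday")
    return reasons


if __name__ == "__main__":
    # Constructed sample user and passwords.
    for pw in ("newyork", "N3wY0rK!", "jane123", "Smith01151985", "vT9#qLm2xRw"):
        print(pw, weak_reasons(pw, "Jane Smith", date(1985, 1, 15)))
```
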
Leaving sticky notes with passwords on your desk
- Anyone could walk up and gain access to files or systems with confidential information. If you have to write your passwords down, physical security, such as a locked desk drawer, is important.
Using the same password for multiple accounts and years
- It’s important to change your passwords frequently. We just spoke with a client who had had the same password for 10 years…that is a security no-no!
- For sensitive, business-critical information, it is important to change your password every three months.
- Do not use the same password for every account you have. Having different passwords for all of your accounts reduces the possibility of all of your accounts being compromised at once. With the vast increase in daily cyber-attacks, password age (how long you’ve had it for), complexity and length are very important.
Not adding a password or passcode on your work devices
- It is highly recommended that you add a password or passcode to the devices you use at work. The longer it is and the more varied its characters, the more secure it is.
- When you walk away from your computer, lock it – the same goes for your work phone. Unlocked devices entice people to use them for snooping or malicious activity.
Clicking on advertisements
- Most ads are harmless, but the ones that are too good to be true, such as “how to instantly make $1 million” or “you WON’T believe what Hillary/Trump/Kimye just did,” are often clickbait advertisements that could lead you to sites with malware.
Searching the deep web
- The deep web is the shady part of the internet, not seen on common search engines like Google and Bing. CNN Money outlines the deep web in a safe-for-work infographic.
- Work computers should be used for business only. There are a lot of deep web sites that will instantly track you and install malicious code.
Though it didn’t make it into the top eight, it goes without saying that you should never wire money to a prince in Nigeria. Even so, this scam continues to evolve over time and victimize Americans. By recognizing the above list as threats and informing your employees, you are taking the first steps to better securing your organization from malware and cyber-attacks.
See any other common security mistakes being made at work? Have a question for our experts? Send us your thoughts or comment below with any top threats we left out.