Over the past decade, computing technologies have become an essential part of professional working environments, leading some hiring managers to prioritize basic computer skills in their job postings. And while computers can provide a variety of benefits for employers and employees alike - such as increased productivity, enhanced collaboration, and real-time communication capabilities - they also come with a unique set of inherent risks.
A recent study from the Identity Theft Resource Center found that a total of 932 high-profile data breaches occurred during the first 10 months of 2018 alone, exposing approximately 47,231,256 sensitive records. The ITRC also found that 46.4 percent of these breaches were reported by entities in the business sector, including retail services, payment processors, utility companies and even nonprofit organizations.
While the causes of data breaches tend to vary between industries, there is some overlap in that many employees lack general cybersecurity awareness. In fact, a state of the industry report produced by Shred-it, an information security company, discovered that employee negligence is the leading cause of data breaches in the U.S., with 47 percent of C-Suite executives and small-business owners admitting that human error or accidental loss had led to a data breach at their organizations. So what are the common cybersecurity mistakes that employees make?
4 common cybersecurity mistakes
In late February, The Business Journals published an article discussing the importance of comprehensive security awareness, identifying five common mistakes that can leave businesses vulnerable to cybercrime, including things like:
- Downloading ransomware: Many employees are inexperienced when it comes to recognizing whether a link or file posted online may pose a risk to their work computer. Ransomware is malicious software (often downloaded unknowingly) that renders a computer completely inoperable until the user pays a fee to restore their system. This can be particularly damaging to businesses, as it can lock down critical data and applications they need to perform essential work-related tasks.
- Falling for phishing scams: Cybercriminals sometimes send fraudulent emails in an effort to trick employees into revealing confidential information or performing a specific action. In most cases, these emails are easy to spot, but they can appear quite legitimate to workers who are unaware of the tactic. Some phishing scams also include links within the email that will initiate a download of ransomware or malware when clicked.
- Selecting simple passwords: Cracking passwords is one method cybercriminals use to gain access to an organization's computer network and valuable business data. Employees who lock their workstations behind simple or default passwords, reuse the same password for multiple accounts and/or infrequently update their passwords are easy targets for hackers. This is one reason why many companies require employees to select complex passwords that use a combination of letters, numbers and symbols.
- Posting too much private info on social media: When employees first set up their work computers, they're often asked to establish a set of security questions that can help them recover their account or password if they forget it. Cybercriminals often use social media to research potential answers to these questions, such as pet names and favorite songs, allowing them to gain access through social engineering.
With large-scale data theft on the rise, it's never been more important to find job applicants who have (at least some) familiarity with cybersecurity. While in-house training programs can be effective for spreading awareness, it's better to hire employees who already possess a baseline understanding of how cybercriminals operate. Luckily, most millennial job seekers have grown up alongside the internet, reducing the likelihood that they will make these common mistakes while using their work computer.