zeroforum.com

16th April 2025

5 Common Employee Mistakes That Compromise Your Cyber Security

Businesses use a variety of safety measures, such as firewalls, regular software updates and data encryption, to defend against cyber attacks. Yet these attacks remain alarmingly common: a study by IBM found that 95% of cyber breaches are caused by human error.

So, what exactly counts as a human error?

A professional cyber security company will likely define human error as unintentional actions or inactions by employees or end-users that lead to, enable, or worsen a security breach. These mistakes can be surprisingly simple, such as using weak passwords, accessing company emails over unsecured public Wi-Fi, or clicking on phishing links.

Companies must educate employees about cybersecurity best practices and conduct regular audits to ensure there are no discrepancies or vulnerabilities that threat actors can exploit.

We will look at some of the most common mistakes employees make and how organisations can prevent them.

1. Falling Prey to Phishing Emails

This is the most common scam cybercriminals use to trap unsuspecting and trusting individuals. Despite numerous advocacy campaigns, people still fall prey to phishing emails and SMS. Scammers are also becoming more sophisticated in their approach, making it increasingly difficult to spot the discrepancies between a genuine and a phishing email.

Here are some things to look out for:

  • Check the sender’s email address for spelling mistakes or typos.
  • Official emails are sent from the organisation’s own domain, with addresses that look like john.doe@company.com. A phishing email may instead come from a free-mail or look-alike address such as joh.doe@gmail.com.
  • There will usually be a downloadable file or a clickable link attached.
  • There may be grammatical errors in the body of the email, and a sense of urgency pressing you to take action.
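The checklist above can be turned into a simple triage routine. The following is an added example written for this article, not code from the original post: it applies each listed indicator (typo-squatted or free-mail sender domain, links to hosts outside the organisation, attachments, urgency language) to a message and returns the indicators it found. The trusted domain, the free-mail and urgency word lists, and the two sample messages are all constructed assumptions for the demonstration.

```python
"""Flag the phishing indicators from the checklist in an email.

Added example; not code from the original article. TRUSTED_DOMAINS,
FREEMAIL_DOMAINS, URGENCY_PHRASES and SAMPLES are constructed assumptions.
"""
import re
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: the organisation's own mail domain(s).
TRUSTED_DOMAINS = {"company.com"}
# Free-mail providers that a colleague or supplier would not use for official mail.
FREEMAIL_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
# Phrases typical of the "sense of urgency" mentioned in the checklist.
URGENCY_PHRASES = ("urgent", "immediately", "within 24 hours", "will be suspended", "act now")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def edit_distance(a, b):
    """Levenshtein distance; a small distance to a trusted domain suggests a typo-squat."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_trusted_host(host):
    """True for a trusted domain or any of its subdomains."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def classify_domain(domain):
    """Return an indicator string for a sender domain, or None if it is trusted."""
    domain = domain.lower()
    if is_trusted_host(domain):
        return None
    if domain in FREEMAIL_DOMAINS:
        return f"sender uses free-mail domain {domain}"
    for trusted in TRUSTED_DOMAINS:
        label = trusted.split(".")[0]
        # Either a near-miss spelling or the company name embedded in a foreign domain.
        if edit_distance(domain, trusted) <= 2 or label in domain:
            return f"sender domain {domain} looks like {trusted}"
    return f"sender domain {domain} is not a trusted domain"


def triage_email(from_header, subject, body, attachments=()):
    """Return the list of checklist indicators found; an empty list means none."""
    flags = []
    _name, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    if not domain:
        flags.append("sender address missing or malformed")
    else:
        indicator = classify_domain(domain)
        if indicator:
            flags.append(indicator)
    text = (subject + "\n" + body).lower()
    if any(p in text for p in URGENCY_PHRASES):
        flags.append("urgency language in subject or body")
    for url in URL_RE.findall(body):
        host = urlparse(url).hostname or ""
        if not is_trusted_host(host):
            flags.append(f"link to external host {host}")
    if attachments:
        flags.append(f"{len(attachments)} attachment(s): {', '.join(attachments)}")
    return flags


# Constructed sample messages: one genuine internal mail and one phishing attempt.
SAMPLES = {
    "genuine": dict(
        from_header="John Doe <john.doe@company.com>",
        subject="Q2 roster",
        body="The updated roster is on the intranet: https://intranet.company.com/roster",
    ),
    "phish": dict(
        from_header="John Doe <joh.doe@gmail.com>",
        subject="URGENT: verify your account",
        body="Your mailbox will be suspended. Act now: http://company-login.example.net/verify",
        attachments=("invoice.zip",),
    ),
}

if __name__ == "__main__":
    for label, msg in SAMPLES.items():
        print(label, "->", triage_email(**msg) or ["no indicators"])
```

Run as a script, the genuine message produces no indicators while the phishing sample produces four (free-mail sender, urgency wording, an external link host and an attachment). The look-alike check is deliberately loose: a sender domain within two edits of the company domain, or one that merely contains the company name, is reported for a human to inspect rather than rejected outright.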

2. Weak Passwords

Aren’t we all guilty of this? Many of us use the same password for everything: whether it’s your banking app, shopping accounts, personal emails or even work logins, many people stick to one password out of sheer convenience.

But if a hacker cracks your password, they will have easy access to all your accounts. You are risking your personal data and that of the organisation. Similarly, using easy-to-guess passwords is another mistake employees make.

Using the names of your children or partner, your anniversary, or your birthdate are examples of common passwords that can be easily cracked. Sometimes, we unwittingly write passwords on a notepad or save them on our phones, making them easy targets.

The best way to avoid this mistake is to use a password manager to store all important passwords, or to use two-factor authentication, which blocks unauthorised access even if a password is exposed.

3. Using Public WiFi During Remote Work

Many companies are now adopting a remote-first or hybrid work culture. This makes it the employees’ responsibility to adhere to basic cybersecurity norms, which include avoiding public WiFi in airports, train stations or cafes. Instead, it’s best to use WiFi at home or your mobile hotspot when connecting on the go.

Similarly, you must use your company laptop and do all your work on it, rather than saving essential documents on your personal device. Another key piece of advice is to never delay the software or security updates that the internal IT team sends.

4. Not Being Aware of Social Engineering

Social engineering involves manipulating individuals psychologically to reveal sensitive information or perform undesirable actions. Scammers impersonate a colleague, manager or client, asking you to grant access to confidential files or share some sensitive information.

Even the most sophisticated cybersecurity measures might find it difficult to stop social engineering scams. Proper training is essential to avoid compromising your company’s cybersecurity due to social engineering.

Organisations can restrict access to sensitive data and files, require password changes or updates after a predetermined period, and remove any old or redundant access from former employees.
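The three organisational controls just named (restricting access to sensitive data, enforcing password changes after a set period, and removing access that former employees still hold) are routine candidates for an automated access review. The following is an added example written for this article, not code from the original post: it runs those checks over a directory export and returns one finding per control violated. The account records, the group names and the thresholds (90 idle days, 180 days maximum password age) are constructed assumptions, not values from the page.

```python
"""Access review over a user directory export.

Added example; not code from the original article. ACCOUNTS, SENSITIVE_GROUPS
and the thresholds below are constructed assumptions for the demonstration.
"""
from datetime import date

# Assumption: groups that grant access to sensitive files and need a recorded approval.
SENSITIVE_GROUPS = {"hr-confidential", "finance", "backup-admin"}

# Constructed directory export: status, last login, last password change, groups,
# and which sensitive groups have a recorded approval.
ACCOUNTS = [
    {"user": "alice", "status": "active", "last_login": date(2025, 4, 10),
     "pw_changed": date(2025, 2, 1), "groups": ["finance"], "approved": {"finance"}},
    {"user": "bob", "status": "left", "last_login": date(2024, 11, 3),
     "pw_changed": date(2024, 6, 1), "groups": ["finance", "hr-confidential"], "approved": {"finance", "hr-confidential"}},
    {"user": "carol", "status": "active", "last_login": date(2024, 12, 1),
     "pw_changed": date(2024, 9, 15), "groups": ["engineering", "finance"], "approved": set()},
    {"user": "svc-backup", "status": "active", "last_login": date(2025, 4, 15),
     "pw_changed": date(2023, 1, 1), "groups": ["backup-admin"], "approved": {"backup-admin"}},
]


def review_accounts(accounts, today, max_idle_days=90, max_password_age_days=180):
    """Return findings as dicts with user, action and detail.

    Actions: 'disable' (former employee still has an account), 'review' (no
    recent login), 'rotate' (password older than the policy allows) and
    'restrict' (sensitive group held without a recorded approval).
    """
    findings = []
    for acct in accounts:
        user = acct["user"]
        # Former employees: remove the account entirely, whatever else is true.
        if acct["status"] != "active":
            findings.append({"user": user, "action": "disable",
                             "detail": "left but still holds " + ", ".join(acct["groups"])})
            continue
        idle = (today - acct["last_login"]).days
        if idle > max_idle_days:
            findings.append({"user": user, "action": "review",
                             "detail": f"no login for {idle} days"})
        age = (today - acct["pw_changed"]).days
        if age > max_password_age_days:
            findings.append({"user": user, "action": "rotate",
                             "detail": f"password is {age} days old"})
        unapproved = sorted(set(acct["groups"]) & SENSITIVE_GROUPS - acct["approved"])
        if unapproved:
            findings.append({"user": user, "action": "restrict",
                             "detail": "sensitive access without approval: " + ", ".join(unapproved)})
    return findings


if __name__ == "__main__":
    for f in review_accounts(ACCOUNTS, date(2025, 4, 16)):
        print(f"{f['user']:<12} {f['action']:<9} {f['detail']}")
```

Run against the sample data on the article's date, the review disables the departed user's account, flags one user for both inactivity and an overdue password change plus an unapproved sensitive group, and asks for rotation of a service account password that has never been changed. Service accounts are worth calling out separately in practice: they log in constantly, so an idle-time check alone would never surface them.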

5. Installing Unapproved Apps or Tools on Official Laptop

Employees should only install company-approved tools and software on the official laptop. Some workers download tools on their own, which may have malware hidden in them, and this can compromise the organisation’s cybersecurity. Many people also browse their social media accounts on their work devices, which can compromise the company’s data security, since clickbait on social media often directs users to malicious websites.

This is why it must be strictly forbidden for employees to combine work and play, and they should only install or download apps that have been approved by the IT department.

Final Words

It is not as if you will be scammed every time you open your X account on your office laptop, or that using your grandmother’s maiden name will always produce a password that gets cracked. However, these are common vulnerabilities that scammers are waiting to exploit, and by avoiding them it becomes easier to avoid falling prey to cyber threats.

Cyber attacks can have severe repercussions, including productivity loss, financial setbacks and reputational damage. Data protection is not only the responsibility of the organisation, but also of its employees.

Have you been guilty of these common cybersecurity mistakes?
