To prevent security breaches, it’s not enough to partner with or hire one of the best IT companies available. You need your employees to stay up-to-date on cyber security protocols.
Though hackers are getting more and more sophisticated technologically, even the most insidious hacking attempt often relies on simple aspects of human psychology. You might not realize how easy it is for employees to give information over to malicious individuals, whether through sharing passwords with disgruntled colleagues or opening themselves up to baiting on social media. With enhanced cyber security awareness training, you can help discover if your employee is simply sharing too much.
Here are some ways your employees might be handing over sensitive information to hackers:
1. Your employee is using social media to tell hackers how to target them
People often feel incredibly comfortable on social media. And why blame them? Social media accounts are only seen by your employees’ trusted friends and family, right? Wrong.
Hackers are more than capable of using social media accounts to gather and compile information on your company. Employees know to exercise care in email and business communication but they might be prone to overshare on social media.
What hackers can do with social media is extremely insidious. If an employee shares a seemingly innocuous detail about the organization, like a policy that doesn’t seem like a big deal, this information can be used by hackers to initiate a false sense of security.
Forbes outlines how this process, called social engineering, allows hackers to then use this small detail in a later communication. Your employee, thinking that only a trusted person would have access to these details, might then be tricked into sharing information with that individual.
Your employees shouldn’t be sharing details of work practices—especially details and policies that only employees would know—under any circumstances.
In addition to company-specific details, hackers can engage in a process called baiting, where they’ll discover someone’s interests via social media and send an email that’s tailored to that person’s interests. Sharing over social media that you’re obsessed with cat videos? A hacker could bait you with an email that promises the cutest kitty video of them all.
2. Your employee is literally giving information away via phone or email
“Hi, this is Joe from IT. We noticed a problem with your password and we’re going to need to reset it.”
Hackers rely on human beings’ innate trust in authority to set up these exploitative situations. Your employees might think they’re engaged in a friendly conversation with a trusted IT professional, but they should be trained in advance to know that they should never give password information over the phone.
Ditto email. Your employees need to know that a legitimate company (including their own IT company) would never ask them to change a password via email. Train them to recognize a genuine communication from IT support vs. a malicious attack from a hacker.
This goes, as well, for downloads. Hackers well-versed in social engineering know that people generally want to be nice and helpful. So if they receive an email from the “IT department” asking them to download something that seems innocuous…many of them will do it. Just to be helpful.
To decrease these risks, emphasize the following to your staff:
- Be suspicious of any requests that include the word “urgent.” Hackers often rely on making users feel nervous and on-the-spot to trick them into downloading malware or clicking a malicious link.
- Be suspicious of typos in the message, which can indicate the work of a hacker.
- Teach them to hover their mouse over embedded URLs to see whether the URLs will take them to an untrusted site. More importantly, train them to think very carefully before clicking links in emails, even when it appears that it’s coming from the HR department at your own organization. And never, ever, click on a cat video from an unsolicited source.
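The hover check above can also be automated for training exercises or mail triage. The following is an added example, not part of the original article: it compares the address a link displays with the address it actually points to and flags pressure wording. The allowlist `TRUSTED_HOSTS`, the word list and the sample message are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_HOSTS = {"intranet.example.com"}  # assumption: your organisation's allowlist
PRESSURE_WORDS = re.compile(r"\b(urgent|immediately)\b", re.I)
DOMAIN_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs and the plain text of an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self.text, self._href, self._label = [], [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._label = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._label.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._label).strip()))
            self._href = None

def audit_email(html_body):
    """Return findings: what a reader would see by hovering each link."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    if PRESSURE_WORDS.search(" ".join(parser.text)):
        findings.append("pressure-wording")
    for href, label in parser.links:
        host = (urlparse(href).hostname or "").lower()
        shown = DOMAIN_IN_TEXT.search(label)
        # The visible text names one domain but the link goes to another.
        if shown and shown.group(1).lower() != host:
            findings.append(f"mismatch:{shown.group(1).lower()}->{host}")
        if host not in TRUSTED_HOSTS:
            findings.append(f"untrusted:{host}")
    return findings

# Constructed sample message, not a real email.
SAMPLE = """<p>URGENT: your password expires today.</p>
<p>Reset it at <a href="http://it-helpdesk.example.net/reset">intranet.example.com/reset</a></p>
<p>Policy: <a href="https://intranet.example.com/policy">HR policy page</a></p>"""

if __name__ == "__main__":
    for finding in audit_email(SAMPLE):
        print(finding)
```

A clean result only means none of these three signals fired; staff should still treat unsolicited links with care.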
3. Your employee is giving hackers access to lost mobile devices
Mobile phones are both a blessing and a curse in the world of business communication. On the one hand, mobile devices and tablets make information accessible to anyone in your company at any time. But because these devices are on the go, they’re easy to lose. Train your employees to practice care when taking their mobile devices on the road with them. Make sure that their mobile devices and tablets are strongly password protected. Just like at work, employees should never leave their private devices unlocked in a public place.
And if their mobile devices are stolen, make sure there’s a system in place where they can report the loss as soon as it occurs.
4. Your employee is sharing sensitive information…with other employees.
No company wants to consider the idea that their own employees are responsible for stealing data. It’s a lot more palatable to picture a malicious hacker in a shady basement rather than your upstanding employees, many of whom you’ve handpicked yourself.
Yet according to Statistic Brain, employee theft of workplace data costs U.S. businesses around $50 billion yearly.
Have a disgruntled employee willing to risk it all? Well, they won’t just take themselves down. They’ll look over colleagues’ shoulders in an attempt to steal passwords. They’ll take USB drives into work to steal information directly from computers at the workplace. They’ll sneak sensitive information from well-meaning and trusting fellow staff members.
In order to prevent this, follow these steps:
- Do not allow employees to share passwords with one another.
- Have a policy in place about the use of USB devices.
- Once an employee leaves, make sure you immediately sever their connection to emails and company networks.
- Train your employees to be relatively suspicious of pressing questions from colleagues – they should feel empowered to say they can’t share certain information with certain individuals.
Yes, IT support is an integral part of your company’s security. But the employees responsible for day to day operations? Just as integral. Make sure your employees are trained on when, how, and where to share sensitive information. For support and user training in hacking prevention, please contact us today.