In this blog, we’ll cover some shockingly common employee and business practices within the workplace that can be detrimental to their Cyber Security.

But first, let’s go over why this is so important to talk about.

With continuous digital and technological advancement around the world, it’s a safe guess that you use an electronic device for your business, ranging from a “work phone” to a PC.

Furthermore, you might be surprised at how many businesses rely on IT, even if they don’t work directly in computing or digital services. For example, manufacturers are now heavily reliant on IT systems for automation, which are all connected to their networks and servers.

When you think about the implications of threat actors or malware infecting a network that controls machinery automatically, for instance, you can quickly see the value of having a business like ours manage your IT. This is also why we want to raise awareness of incorrect employee practices.

Now we know the topic of discussion and why we’re discussing it, let’s get into outlining these “shocking business practices”.

 

Poor Password Practices

A very surprising fact, based on 2023 data, is that “over 70% of Employees Keep Work Passwords on Personal Devices”. This was based on an official report from SlashNext.

Specifically, this means that roughly 4 out of every 5 employees who underwent the SlashNext BYOD Security review have “business passwords” saved on their personal devices.

In 2022, we saw that the use of personal devices and personal apps was a major cause of many high-profile corporate breaches. SlashNext CEO Patrick Harr stated, “This is a trend that will continue, as employees often use corporate and personal devices for work, effectively doubling the attack surface for cyber-criminals.”

What is the harm in storing your work passwords on your personal device, you ask? The quick answer is that threat actors know there are fewer security controls on personal mobile devices than on corporate ones. Therefore, personal devices make an easier target for most Cyber Attacks.

Additionally, a breach of an employee’s work device, such as a PC, is a lot easier for the business IT department or outsourced service provider to identify than a breach of an employee’s unmonitored personal device.

Now that the Cyber threat has been identified, we will move on to giving our Solution.

 

Our Cyber Security Solution?

The simplest method of avoiding this Cyber Threat is providing employees with a separate phone just for work. Even though this solution sounds quite simple, you may be surprised to learn that in fact, 87% of businesses rely on their employees to use their personal mobile devices to access company apps, according to an official report by Syntonic.

Not only is this a shockingly high percentage, but it also emphasises the danger of our Cyber Threat mentioned earlier. This is why we would encourage businesses to make it a strict policy for employees that they can only store business information on “work” phones, if any.

Cyber Security awareness training is also a great starting point for helping protect employees and businesses. We appreciate the importance of Cyber Security training greatly, as you can see from our own services.

Now that we’ve identified the harm of storing passwords on personal devices, let’s move on to the next employee practice that can be just as harmful.

 

Not doing Software Updates

I’ll be the first to say, we all share the frustration with turning on our work laptop or PC and seeing that there are 4 updates to complete. However, keeping up-to-date on all of your applications and software is crucial.

This is because Cyber Security patches are continuously released within these updates, and they counter certain malware and Cyber threats. The danger is that when you skip or postpone these updates, you put yourself at a much higher risk of malware or breaches.

Of course, you may think it is obvious that this practice increases the risk of Cyber threats. However, a study in 2017, conducted by the University of Edinburgh, asked 307 people to discuss “their experiences of installing software updates”.

Nearly half of them said they had been frustrated updating software. Therefore, they avoided installing updates for “as long as possible” as it interrupted workflow and “wasted time”.

What’s even more surprising about this study’s findings is what happened only a year before that.

In 2016, an infamous ransomware attack called WannaCry demonstrated how hundreds of thousands of computers in more than 150 countries were vulnerable because they didn’t update their software. The victims included Britain’s National Health Service, logistics giant FedEx, Spanish telecom powerhouse Telefonica and even the Russian Interior Ministry.

Here is a screenshot of what this attack looked like for some users:

[Screenshot: WannaCry Cyber Threat]

What makes this so surprising is that, even a year after a massive Cyber threat like WannaCry, many users still don’t update their software immediately due to frustrations.

Now we know the Cyber threat caused by not updating software regularly, let’s move on to giving our Solution.

 

Our Cyber Security Solution?

As most users don’t update their software due to the frustration associated with them, our best solution to eliminate this bad habit is to simply train employees on the importance of updates.

It may very well be frustrating to wait for Windows to finish its longer updates, but we can’t stress it enough that your time isn’t wasted by doing them. Furthermore, the consequences of not doing them can be much more severe than a 5-10 minute wait.

Now that we’ve identified the harm of this practice, let’s conclude this blog with a final shockingly common practice that can put you at risk of Cyber threats.

 

Not using 2FA

2 Factor Authentication is a well-known security feature, found almost everywhere on the internet now. For example, you could see it on your Google account if you’re logging into it from another device.

Because it is so common on the internet, you most likely already know what it is. However, for those that haven’t encountered it before, we’ll give you a quick rundown.

Two-factor authentication (2FA) is an additional bit of information or simply a password that you need to enter before you can access your account/sensitive info. It is an extra security layer that many services and websites offer as an optional addition to their standard login process.

There are several types of 2FA. For instance, Google and most other apps use a method called an OTP: One Time Password. This is usually a six-digit code generated via an app. The code can either be created at the moment the user logs in, or the app constantly swaps in new codes in sync with the internal server clock.

These apps work offline and are fast to set up. The only downside is that you need to manually type in the code. A quick example of what one could look like is below:

[Image: Cyber Threat bad practice - not using 2FA]

Now you know what 2FA is, it’s quite clear that enabling 2FA on all of your possible accounts holding sensitive information would be a good idea, right?

You’d be absolutely right. As a matter of fact, the newest official statistics from Microsoft state that “99.9% of compromised accounts did not use multi-factored authentication”.

However, it is shocking just how many users don’t use this additional security feature.

Furthermore, businesses follow this trend too: a study conducted by LastPass in January 2023 found that only 26% of businesses out of a sample of 560 used 2FA.

Now we’ve gone over this practice, let’s finish this blog by telling you our Solution for this practice.

 

Our Solution?

This will be very similar to our solution for users who don’t update their software regularly. The best way to minimise any Cyber threats, in this case, is to simply enable 2FA if you haven’t already. It’s free and doesn’t take a lot of time to set up at all.

Additionally, looking at the Microsoft statistics mentioned earlier, it’s quite clear that it is worth the time and effort to implement.

Cyber Security awareness training is also a great solution, as it will teach employees how important 2FA is to you and your business’s Cyber Security.

 

Conclusion

This concludes our blog on shockingly common employment practices that can expose businesses to various Cyber threats. We hope you’ve liked this slightly longer format blog and that you’ll stick around to see our future releases, covering everything from recent IT News to Knowledgebase articles. Thanks for reading!