Which Everyday Employee Habits Put Your Business at Risk of a Cyberattack?

Four ordinary employee habits open the door to attackers: careless browsing, weak passwords, unsecured connections, and not recognizing current threats. Each one has a fix you can put in place this week.

Most breaches start with something an employee did, not a sophisticated hack. Your team is your first line of defense, but the same people can hand attackers the keys without realizing it. Here are four habits that put your business at risk, and what to do about each.

1. Sloppy web browsing

Don't click anything that looks off. That rule still holds, but it's harder to follow than it used to be. Bad links and fake sites are better disguised now.

Check the address bar before you hand over any data. A secure site uses "https" (the "s" stands for Secure). If you only see "http" with no "s", don't enter anything you wouldn't want a stranger to read. You have no idea where it ends up.

Skip the ads, or block them. Hackers buy space on ad networks to push malware onto a machine and the network behind it. An ad blocker like uBlock Origin, which works in Chrome and Firefox, cuts that risk off at the source.

2. Weak and reused passwords

This is the worst security habit out there. People pick simple passwords, reuse the same one everywhere, or both.

Here's why that's dangerous. If one password gets caught in a data breach you never hear about, and you used it everywhere, an attacker can walk into every account tied to it. No hacking required. They just log in.

The fix: use strong passwords, change them every 60 to 90 days, and never reuse an old one. That sounds like a chore, but a password manager like 1Password or LastPass does the work for you. It generates new passwords and keeps them straight across every app and account, so the "too tedious" excuse falls apart.
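One way to check a team's saved logins for the reuse described above, and for the plain "http" sign-in pages from section 1. This is an added example, not part of the original article; the CSV column names, the sample rows and the 12-character minimum are assumptions made for illustration.

```python
import csv
import hashlib
import io
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample data. The columns (name,url,username,password) are an
# assumed layout, not the export format of any particular password manager.
SAMPLE_EXPORT = """name,url,username,password
Payroll,https://payroll.example.com/login,ana,Spring2024!
Email,https://mail.example.com,ana,Spring2024!
Wiki,http://wiki.example.com/login,ana,kT9#vq2LmZ8r!xWd
CRM,https://crm.example.com,ben,Spring2024!
Bank,https://bank.example.com,ben,p7$Qe2NvR4uY9zGh
"""


def audit(csv_text, min_length=12):
    """Return (reused, short, insecure) findings without echoing any password.

    min_length is an assumed policy value; set it to your own standard.
    """
    by_digest = defaultdict(list)
    short, insecure = [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        label = f"{row['name']} ({row['username']})"
        # Group entries by SHA-256 digest so the report never holds a password.
        digest = hashlib.sha256(row["password"].encode("utf-8")).hexdigest()
        by_digest[digest].append(label)
        if len(row["password"]) < min_length:
            short.append(label)
        # Anything that is not https sends the login in the clear.
        if urlsplit(row["url"]).scheme.lower() != "https":
            insecure.append(label)
    # Each group is a set of accounts that one leaked password would open.
    reused = sorted(sorted(group) for group in by_digest.values() if len(group) > 1)
    return reused, sorted(short), sorted(insecure)


if __name__ == "__main__":
    reused, short, insecure = audit(SAMPLE_EXPORT)
    for group in reused:
        print("Same password on:", ", ".join(group))
    print("Shorter than policy:", ", ".join(short) or "none")
    print("Login page not on https:", ", ".join(insecure) or "none")
```

An export like this is a plaintext copy of every password, so run the check on a trusted machine and delete the file afterwards.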

3. Unsecured connections

Remote workers run into this most, but it applies to everyone. WiFi is everywhere, and joining a network takes one tap. That's the problem. If you can connect to an unverified network that fast, the risk that comes with it reaches you just as fast.

Unless someone is on company-issued hardware, you have no idea what's protecting their device. The simplest policy: no company property on unsecured networks like public WiFi.

Have employees connect through a secure network and a VPN instead. That sits on top of the endpoint security every device on your network should already have: malware protection, antivirus, anti-spyware, anti-ransomware, and a firewall. Put as many gates as you can between your business and the open internet.

4. No idea what current threats look like

How much does your team actually know about today's threats? If you can't answer that, or the answer worries you, it's time to fix it. A staff that can't spot a phishing email, or doesn't know who to call when something looks wrong, is one of the biggest risks you have.

One opened email or one bad link can compromise the whole business. You end up with a data breach, or a hacker holding your data hostage until you pay. This happens to businesses every day, and attackers are relentless. Given the chance, they'll use your own people against you.

So train them. Get your team up to speed on the threats aimed at your business. A managed service provider or IT services partner can run that training and help you close every gap in this list. A team that knows what to watch for protects itself and the company along with it.
