Cygilant Blog

The 3 Most Common Cybersecurity Mistakes Made by Employees

Posted by Security Steve on Feb 1, 2016



Employees are the lifeblood of an organization, and if they neglect good cybersecurity practices, the company's overall cyber defenses are weakened. Here are three common cybersecurity mistakes employees make—and the best ways to address them.

1. Falling for Phishing

Phishing may be an old scam, but employees still fall for it. Between late 2013 and August 2015, the FBI counted more than 7,000 U.S. companies victimized by business email compromise scams, with total losses exceeding $740 million. A single well-crafted phishing email can lead an employee to click a fraudulent link that installs malware on a company machine, or can trick an accountant into wiring money to an attacker-controlled bank account on the instructions of a message that purports to come from a company executive traveling overseas.

Employees need regular training to stay on guard against phishing, and the training should be reinforced with technical controls. For example, an email gateway can rewrite every link in incoming mail so that clicking it first shows a warning page and gives the employee a moment to reconsider before the real destination loads. Warnings that appear on every click are quickly ignored, so they work best alongside checks that inspect the link itself, such as whether the visible link text names one host while the address points to another. For the wire-transfer scenario the simplest control is procedural: any payment request that arrives by email is confirmed with the requester through a separately known phone number before money moves.
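
The link inspection just described, as an added example that is not code from the original post or from EiQ/Cygilant: a small Python script applying three cheap click-time heuristics (visible text naming a different host than the href, an href that is a raw IP address, and a punycode hostname) to a constructed sample email body. Hostnames, addresses and the message text are all made up for the example.

```python
"""Click-time link checks for an HTML email body.

Added example, not code from the original post or from EiQ/Cygilant: three
cheap heuristics of the kind a mail gateway can run before letting a link
through. The sample message below is constructed for the example.
"""
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# A URL or bare domain at the start of the visible link text.
_HOST_RE = re.compile(r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", re.I)


def host_of(text):
    """Return the lowercase hostname named by a URL or bare domain, else None."""
    m = _HOST_RE.match(text.strip())
    return m.group(1).lower() if m else None


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def extract_links(html):
    parser = _LinkCollector()
    parser.feed(html)
    return parser.links


def check_link(href, text):
    """Return the reasons a link looks suspicious (empty list if none)."""
    reasons = []
    target = (urlsplit(href).hostname or "").lower()
    if not target:  # mailto:, javascript:, relative links: nothing to compare
        return reasons
    shown = host_of(text)
    # 1. The text names one host, the href goes to another (subdomains of the shown host are fine).
    if shown and shown != target and not target.endswith("." + shown):
        reasons.append("text names %s but link goes to %s" % (shown, target))
    # 2. The href host is a bare IP address.
    try:
        ipaddress.ip_address(target)
        reasons.append("link goes to a raw IP address")
    except ValueError:
        pass
    # 3. Internationalised domain (punycode), a common look-alike trick.
    if any(label.startswith("xn--") for label in target.split(".")):
        reasons.append("punycode hostname, possible look-alike domain")
    return reasons


def suspicious_links(html):
    """All links in the body that trip at least one heuristic."""
    found = []
    for href, text in extract_links(html):
        reasons = check_link(href, text)
        if reasons:
            found.append((href, text, reasons))
    return found


# Constructed sample: a lure whose visible text shows the real bank host while the
# href points at a raw IP, plus one harmless link.
SAMPLE_EMAIL = """
<p>Your account has been locked. Verify it now at
<a href="http://198.51.100.23/verify">https://secure.bank.example.com</a>
or read our <a href="https://help.bank.example.com/faq">help pages</a>.</p>
"""

if __name__ == "__main__":
    for href, text, reasons in suspicious_links(SAMPLE_EMAIL):
        print("WARN", href, "shown as", repr(text))
        for r in reasons:
            print("   -", r)
```

Run against the sample, the script flags only the first link, for two reasons at once (host mismatch and raw IP), and leaves the "help pages" link alone because plain words in the link text give nothing to compare. A real gateway would add reputation lookups and a click-time fetch of the destination; the point here is that the mismatch check alone catches the most common lure construction.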

2. Plugging in Mystery Devices

A common cybersecurity experiment is to leave unidentified USB sticks in public places to see how many people will pick up the strange devices and plug them in. In a recent case, researchers from the trade association CompTIA left thumb drives in locations such as coffee shops and airports, and about one in five of the roughly 200 people who encountered the devices plugged them into their own machines. Had the drives been planted by attackers rather than researchers, everyone who plugged one in would have exposed their machine to whatever the drive carried.


The real danger for an organization is an employee plugging in an unfamiliar USB stick that an attacker left on company property. Network security monitoring helps, but only with part of the problem. A basic element of it is asset discovery and monitoring: keeping an inventory of the authorized devices on a network and continuously comparing it with what is actually present, so that defense teams are not caught off guard by rogue equipment such as an unauthorized wireless access point or a small computer plugged into a spare wall port. A USB stick inserted into a workstation is not a network device, however, and will not appear in that inventory; the direct controls for it sit on the endpoint, disabling AutoRun/AutoPlay and restricting removable media through device-control policy, with the endpoint's USB insertion events forwarded to the monitoring platform. A managed security service can provide this monitoring and the staff to act on what it finds.
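
The inventory comparison described above, as an added example that is not code from the original post or from EiQ/Cygilant: a Python script that parses a host's neighbour table (Linux `ip neigh show` format), flags MAC addresses absent from an authorized inventory, flags known devices seen at an unexpected address, and flags one IP claimed by two MACs. The inventory, the OUI hint table and the neighbour lines are all constructed for the example.

```python
"""Asset discovery check: observed neighbours versus the authorised inventory.

Added example, not code from the original post or from EiQ/Cygilant. It
reduces the inventory idea to a script: parse the host's neighbour table
(Linux `ip neigh show` format), flag MAC addresses that are not in the
inventory, known devices seen at an unexpected address, and one IP claimed
by two MACs. The inventory, OUI hint and neighbour lines are all constructed.
"""
import re

NEIGH_RE = re.compile(
    r"^(?P<ip>\S+)\s+dev\s+(?P<dev>\S+)\s+lladdr\s+(?P<mac>[0-9a-f:]{17})\s+(?P<state>\S+)",
    re.I,
)

# Hypothetical inventory: MAC -> (asset name, expected IP or None for DHCP clients).
AUTHORISED = {
    "00:1a:2b:3c:4d:5e": ("fileserver01", "10.0.1.10"),
    "00:1a:2b:3c:4d:5f": ("printer-2f", "10.0.1.20"),
    "f4:5c:89:ab:cd:ef": ("laptop-jdoe", None),
}

# Tiny excerpt of the IEEE OUI registry, used only to label an unknown device.
OUI_HINTS = {"b8:27:eb": "Raspberry Pi Foundation"}

# Constructed `ip neigh show` output. The last line carries no lladdr and is skipped.
SAMPLE_NEIGH = """\
10.0.1.10 dev eth0 lladdr 00:1a:2b:3c:4d:5e REACHABLE
10.0.1.20 dev eth0 lladdr 00:1a:2b:3c:4d:5f STALE
10.0.1.77 dev eth0 lladdr f4:5c:89:ab:cd:ef REACHABLE
10.0.1.99 dev eth0 lladdr b8:27:eb:12:34:56 REACHABLE
10.0.1.10 dev eth0 lladdr de:ad:be:ef:00:01 REACHABLE
10.0.1.200 dev eth0 FAILED
"""


def parse_neigh(text):
    """Return one dict per neighbour entry that carries a MAC address."""
    entries = []
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["mac"] = e["mac"].lower()
            entries.append(e)
    return entries


def audit(entries, inventory):
    """Compare observed entries with the inventory; return (kind, ip, mac, detail) findings."""
    findings = []
    macs_by_ip = {}
    for e in entries:
        macs_by_ip.setdefault(e["ip"], set()).add(e["mac"])
        known = inventory.get(e["mac"])
        if known is None:
            vendor = OUI_HINTS.get(e["mac"][:8], "unknown vendor")
            findings.append(("unknown_device", e["ip"], e["mac"], vendor))
        elif known[1] is not None and known[1] != e["ip"]:
            findings.append(("unexpected_ip", e["ip"], e["mac"], "%s expected at %s" % known))
    # Two MACs answering for one IP: an address conflict or ARP spoofing.
    for ip, macs in sorted(macs_by_ip.items()):
        if len(macs) > 1:
            findings.append(("ip_conflict", ip, ",".join(sorted(macs)), "possible ARP spoofing"))
    return findings


if __name__ == "__main__":
    for kind, ip, mac, detail in audit(parse_neigh(SAMPLE_NEIGH), AUTHORISED):
        print("%-15s %-12s %-36s %s" % (kind, ip, mac, detail))
```

On the sample this reports two unknown devices (one labelled as a Raspberry Pi by its OUI prefix) and an IP conflict on the file server's address, which is exactly the kind of rogue-equipment finding the inventory exists to surface. A production tool would poll every switch and subnet rather than one host's neighbour table, and would keep history so that a device that appears at 2 a.m. stands out.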

3. Using Weak Passwords

Passwords are a big source of cybersecurity risk for companies. However, if employees follow good practices for password management, organizations will be considerably more secure.

One technique is to make passwords unique. Employees should use a different password for each work account, and never the password they use elsewhere, such as for personal social media accounts. Attackers routinely take credentials leaked from one service and replay them against others, so if a personal account is compromised a reused password hands them the work account as well.


Another technique is to make passwords strong. Cybersecurity expert Bruce Schneier offers helpful advice on creating robust passwords, and his core point is that most passwords people can easily remember, attackers can easily crack: a dictionary word followed by a few digits and a symbol is a pattern that cracking tools try first, so its length and its mix of characters are almost beside the point. The strongest passwords are randomly generated ones, and a password manager such as KeePassX can store them so that users only have to remember the single master password for the manager rather than each individual one. That master password then deserves the most care, and where a service offers multi-factor authentication it should be turned on as well.
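
To make the "memorable versus random" argument concrete, the following added example (not code from the original post or from Schneier) models the number of guesses an offline cracker must make for a word-plus-digits password, a 16-character random password, and a six-word passphrase, converts that to time at an assumed guessing rate, and generates random secrets the way a password manager does. The guessing rate, the dictionary size and the toy word list are assumptions made for the example.

```python
"""Guess counts for memorable versus random passwords.

Added example, not code from the original post or from Bruce Schneier. It
models the search space an offline cracker must cover for three styles of
password and turns it into time at an assumed guessing rate, then generates
random secrets the way a password manager would. The rate, the dictionary
size and the toy word list are assumptions made for the example.
"""
import math
import secrets
import string

ASSUMED_GUESSES_PER_SECOND = 1e10   # assumption: GPU rig against a fast, unsalted hash
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
DICEWARE_LIST_SIZE = 7776           # size of the standard Diceware word list

# Constructed toy list; a real passphrase generator draws from a 7776-word list.
TOY_WORDS = ["correct", "horse", "battery", "staple", "anchor", "quartz", "meadow", "violet"]


def keyspace_memorable(dictionary_words=100_000, digits=4, symbols=1):
    """Guesses to cover 'Word1234!': a cracker enumerates the pattern, not every
    string of that length. The factor 2 covers a capitalised or lowercase first
    letter; 32 is the number of printable ASCII symbols."""
    return dictionary_words * 2 * 10 ** digits * 32 ** symbols


def keyspace_random(length, alphabet_size=len(ALPHABET)):
    """Guesses to cover every string of `length` symbols drawn uniformly at random."""
    return alphabet_size ** length


def keyspace_passphrase(words, list_size=DICEWARE_LIST_SIZE):
    """Guesses to cover every passphrase of `words` words from a `list_size` list."""
    return list_size ** words


def bits(keyspace):
    """Entropy in bits; for uniform random choice this is the whole story."""
    return math.log2(keyspace)


def seconds_to_crack(keyspace, rate=ASSUMED_GUESSES_PER_SECOND):
    """Expected time to find the password: on average half the keyspace is searched."""
    return keyspace / 2 / rate


def random_password(length=16, alphabet=ALPHABET):
    """Uniform random password from the OS CSPRNG (never the `random` module, which is predictable)."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def random_passphrase(n_words=6, words=TOY_WORDS):
    """Random passphrase; strength comes from the list size, not the words chosen."""
    return " ".join(secrets.choice(words) for _ in range(n_words))


def report():
    """Strength of the three styles as {name: (bits, seconds to crack)}."""
    cases = {
        "memorable Word1234!": keyspace_memorable(),
        "random 16 chars": keyspace_random(16),
        "6-word passphrase": keyspace_passphrase(6),
    }
    return {name: (bits(k), seconds_to_crack(k)) for name, k in cases.items()}


if __name__ == "__main__":
    for name, (b, s) in report().items():
        print("%-22s %6.1f bits  %12.3g s to crack" % (name, b, s))
    print("manager-style password:", random_password())
    print("passphrase (toy list): ", random_passphrase())
```

Under these assumptions the memorable pattern sits near 36 bits and falls in seconds, the six-word passphrase near 78 bits, and the 16-character random password above 100 bits, which is why the recommendation is a manager-generated password for every account and a long random passphrase only for the one secret a person must actually remember.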

Choose EiQ's Managed Security Services

Even when employees follow good cybersecurity practices, a company's IT assets may still be at risk. For many organizations the answer is a managed security service such as EiQ's SOCVue. It supplements the in-house cybersecurity team with 24/7 network security monitoring by EiQ's staff, so that attacks that slip past employee best practices are still detected rather than the company relying on those practices alone.


More and more, organizations that were previously understaffed, underbudgeted, and overwhelmed are finding that EiQ's hybrid SaaS security services, which combine the best people, process, and technology, are a welcome change from going it alone. EiQ is transforming how mid-market organizations build enterprise-class security programs. Acting as an extension of our customers' IT teams, EiQ's SOCVue provides continuous security operations based on best-of-breed technology at a fraction of the cost of alternative solutions. EiQ is a trusted advisor to organizations that need to improve their IT security and compliance posture by protecting their infrastructure against cyber threats and vulnerabilities.


Would you like to learn more about how EiQ can help? Sign up for a SOCVue demo today.




Top image credit: m.jrn/Shutterstock


Tags: Cyber Attack, Cybersecurity, Hacking, InfoSec, Phishing, Internal Threat, Password
