Opinions expressed by Entrepreneur contributors are their own.
An average employee uses approximately 2.5 devices for work. So imagine an organization with a thousand employees. That's 2,500 endpoints, or rather, 2,500 different ways an attacker can breach your organization. Now, while IT and security teams are working tirelessly to keep these endpoints secure, it often comes down to employees and how much they understand the value of good cyber hygiene.
Small mistakes can lead to major data breaches
Last month, we observed another Safer Internet Month, reiterating the importance of encouraging strong and safe security habits. In fact, Verizon's 2023 Data Breach Investigations Report (DBIR) indicates that 74% of cyber attacks are caused by human error.
Consider the 2021 breach of Sequoia Capital, for example. The breach highlights the destructive potential of poor cybersecurity hygiene. Through a successful phishing attack, attackers were able to expose sensitive data from one of Silicon Valley's oldest and most prominent venture capital firms. Responsibility for such a breach can be attributed to either the attacker's ingenuity, the employee's carelessness, or both. In other cases, however, poor security habits have directly impacted an organization's security posture.
In 2020, Marriott International experienced a data breach that affected 5.2 million guests. The attackers used the stolen login credentials of two employees to gain access to the hotel's servers. This breach illustrates the danger of weak password policies and the need for strong authentication mechanisms.
These scenarios underscore a critical lesson: in cybersecurity, there is no margin for error. Any small oversight can be exploited, leading to significant and often devastating consequences.
Everyday actions that make a difference
Let's start with the basics – Passwords. The Verizon report also found that stolen or compromised credentials are the top entry point for data breaches, accounting for 49% of initial system access. Password security is easily overlooked, but remains a fundamental and crucial method of securing our systems. Either on their own or through password managers, employees should be encouraged to use unique, complex passwords for each account and change them regularly. Moreover, turn on multi-factor authentication (MFA) whenever possible.
One of the most essential steps employees can take is to be careful with email. The main culprit to be aware of here is phishing. Phishing remains one of the most widespread methods used by cybercriminals, with approximately 3.4 billion spam emails sent daily. This means that for every 4,200 emails sent, one will be a phishing scam. As seen with the Sequoia breach, these messages are often disguised as legitimate emails from trusted sources. Employees can significantly reduce the risk of phishing attacks by verifying the authenticity of email addresses and avoiding clicking on suspicious links. Employees should also report suspicious emails to the IT department. Many users simply delete such emails, which prevents IT from reporting them in the future.
Regular software updates are another simple but effective measure employees can take to increase security. We understand; OS updates alone are hectic, not to mention dozens of other apps. However, ensuring our devices and applications are always up to date with the latest security patches helps close potential entry points for attackers. A bonus tip – many updates can be configured to install automatically on shutdown. So shut down your computer at least once a week.
Another frequent troublemaker is public Wi-Fi. Employees should be trained to use encrypted channels such as a VPN when using public Wi-Fi networks, or to avoid them altogether if possible. Employees must also be aware of their surroundings when working with sensitive data in public, making sure that no onlookers can view this information.
Implementing a resilient security posture
While cyber hygiene and secure habits are critical to a resilient security posture, organizations should never put all their eggs in one basket. By using modern solutions and practices, organizations can ensure that safer habits are continuously encouraged and supported.
Let's start with Unified Endpoint Management (UEM) solutions. A UEM provides a tool for managing devices with different form factors and operating systems from a single console. Such management capabilities allow administrators to push policies that ensure every employee follows safe security practices. For example, a UEM can push password policies that ensure every employee uses unique and complex passwords and changes them frequently. Likewise, a UEM's network policies can restrict the use of public Wi-Fi and ensure that corporate-owned devices only connect to secure company networks.
UEMs also provide patch management capabilities. This allows administrators to keep every device in their organization, whether in the same office or half a world away, patched and up to date.
Next are Identity and Access Management (IAM) solutions. These tools manage user identities, ensuring that the right users have access to the right resources. Through capabilities such as single sign-on (SSO), multi-factor authentication (MFA), and role-based access control (RBAC), IAMs ensure that access privileges match an employee's role within the organization.
The final piece of the puzzle is employee training. However, while a puzzle may have one final piece, employee training is an ongoing process that any organization must continually prioritize. Simulated phishing attacks, regular seminars and ongoing awareness campaigns can help employees become more aware of the threats lurking around them and allow them to better counter such threats.
Small things matter a lot in the ever-evolving cyber threat landscape. By fostering a culture of security awareness and leveraging the right tools, businesses can build a resilient security posture that protects their endpoints, data and employees.