Six Employee Negligences That Can Cause Cybersecurity Risks For Business

Employees are the main factor in cyberattacks (photo: Kaspersky)

JAKARTA - A recent statistic Kaspersky reveals that, there are still many small or medium-sized businesses who think that their business can survive without cybersecurity solutions because of the assumption that they are unlikely to be targeted by cybercriminals.

However, the latest study actually reports the opposite, where nearly 46 percent of all cyberattacks target the MSME sector. According to data from the World Economic Forum, 95 percent of cybersecurity violations are caused by human error.

This fact was later corroborated by the 2022 Kaspersky IT Security Economics survey, which shows that about 22 percent of data leakage in the MSME sector is caused by employees. In many cases, this occurs due to negligence or lack of employee awareness.

There are various actions of employees that can accidentally cause serious security violations and endanger the security of the MSME sector. Among the most important are:

Weak passwords: Employees may use simple passwords that cybercriminals can easily hack, resulting in unauthorized access to sensitive data.

Phishing scam: Employees may accidentally or unconsciously click phishing links in emails, which cause malware infections and unauthorized access to the network. Most scammers can mimic email addresses that are thought to belong to legitimate companies, and when sending emails with document or archive attachments, they turn out to be malware samples.

The policy of Bring Your Own Device (BYOD): The existence of this policy makes employees often use personal devices to connect to the company's network, which can pose a serious security threat if the device does not have adequate protection against cyberattacks.

A number of companies allow employees to work in offices only with PCs approved with very limited data forwarding capabilities and a ban on USB flash drives. This approach, in fact, will not work in BYOD-driven companies," said Adrian Hia, Managing Director for Asia Pacific, at Kaspersky.

Lack of Patching: If employees use personal devices, IT staff may not be able to monitor device security or solve any security concerns. In addition, employees may not apply patch or update to their systems and software regularly, leaving a vulnerability that cybercriminals can exploit.

Ransomware: If there is a ransomware attack, it is important to set up a data backup, to have access to encrypted information even if cybercriminals have managed to take over the company's system.

Social Engineering: Employees may accidentally provide sensitive information such as login details, passwords, or other confidential data in response to social engineering tactics or phishing scams. Those who are more easily deceived are new employees who do not know the company's bias'.