By Veselina Dzhingarova

Large companies have human resource departments to raise employee awareness about the type of comments, images, and remarks that are “NSFW” (“Not Safe for Work”), but at small businesses this duty usually falls to you, the owner. Such training is needed to prevent cyberattacks from harming your business’s computer networks or from disclosing personal or financial information about your customers.

In spite of trainings and warnings to the contrary, employees continue to do things on their work computers and mobile devices that expose your business’s networks and systems to cyberattacks. Here are the top five unwise activities that you must train your employees to avoid:

-More than one-third of surveyed employees admit to opening spam emails or other communications that they suspected of containing malware. Roughly the same number admit that they would not recognize a “phishing” attempt sent to them through corporate email channels, and more than half doubt that their co-workers would be able to recognize an email scam. If you have any doubts about the source of an email or attachments to it, refrain from opening them.

-Everyone likes free Wi-Fi, but public Wi-Fi hotspots are open doors for hackers to steal passwords and other information that can be used to access a corporate network. Hackers use those locations to insert themselves into communication channels with “man in the middle” attacks. They can also set up parallel Wi-Fi hotspots that look like a free service, but which track every keystroke that a person makes while on the network. Small business owners should pay a bit more for cellular data plans that employees can use in lieu of Wi-Fi when they are away from the office, and employees should avoid free public Wi-Fi to the fullest extent possible.

-The famous (or infamous) whistleblower, Edward Snowden, reportedly accessed highly confidential National Security Agency files through the use of shared passwords that other NSA employees allowed Snowden to use. Recent court cases have indicated that sharing passwords is illegal and can lead to criminal prosecution. The detrimental effects of sharing passwords include opening protected parts of a corporate network to individuals who have no right or authority to access those parts. The best practice is never to share a password or login credentials with anyone else, including coworkers.

-An employee might be tempted to use an employer’s faster Internet connections to download a movie or some other large file with a BitTorrent client, but torrent client applications have been linked to distributed denial-of-service (DDoS) and other large scale hacking attacks. Moreover, many people use anonymous torrent clients to illegally download copywritten materials, which can expose both an employee and the employer to legal problems. Torrent clients should never be used for file downloads on work computers.

-Many employees cannot resist the temptation to check their social media feeds during the day on their work computers. Social media, however, is a gold mine for hackers who are mining for personal and professional information to launch phishing and other hacking schemes. A link request or ad on a social media page that is opened on a work computer can be a gateway for a serious cyberattack on the employer’s network.

Cyber insurance companies have identified other risky employee behavior that can catalyze a cyberattack, and those companies are working diligently to educate businesses and their employees to eliminate those behaviors. When risky employee behavior does open the door for a data breach or hacking attack, cybersecurity insurance can help an employer recover from the attack with reimbursements for lost or damaged data and systems, and compensation for third parties whose data may have been compromised in the attack.

_________

Veselina Dzhingarova is cofounder of Dzhingarov and writer at TravelTipsor.