The first thing to tell you is that users typically have lots of bad habits which can put the company at risk. This is primarily because they have not had appropriate training, they are unaware of the risks, and perhaps they are complacent. In many organizations employees’ interaction with IT systems and the wider internet is governed by a policy which must be adhered to or the employee faces disciplinary consequences.
The first bad user habit, opening attachments that are not recognized, can lead to your IT systems being penetrated by many different viruses. The attachment might be completely benign, but on the other hand it may harbor something far more sinister.
Next on the list is poor password management, and this one is twofold. The first case is when users have the same or similar passwords for all of their online accounts, whether that be social media or banking. Once the cyber criminals manage to crack one password, they have just cracked the code for the user’s entire online identity. The second big issue is that many users choose simple passwords so that they are easy to remember. That makes sense to the user, but of course it also makes the passwords easier for unscrupulous hackers to crack. You can enforce password complexity requirements on users to access the company’s IT infrastructure, and it would be prudent to give wider training on password management to employees.
The third user habit is not having your guard up and being overly friendly to strangers. Most of us tell our children not to speak to strangers, but the reality of the working environment is that you will speak to strangers in your professional life. However, users need to be wary of people who try to social engineer them, on phone calls or face to face, to get information which will allow them to gain access to online platforms. More commonly this kind of activity is called phishing. Hackers often do their homework, and they can be very convincing, as they are often armed with small pieces of information they have gathered from elsewhere to fool the victim into trusting them.
In some organizations users are restricted so that they are unable to download software to their laptops/PCs. However, in companies where employees can download applications, they should be updating and patching regularly so that any security vulnerabilities are managed. Again, most users probably click away the prompts to update as it slows them down when they are trying to work. The organization will need to provide training to ensure that employees understand the importance of maintaining the software they have installed.
The final bad user habit is probably the simplest to avoid, and that is leaving your laptop or PC logged in and walking away. This could be in the office, or worst of all in a public place such as a cafe. Whilst most organizations install an automatic lock on a device which requires a password to unlock, it is usually set at a few minutes. That will leave plenty of time for an opportunist to gain access to the computer and potentially cause a huge amount of damage to the organizational IT infrastructure.
These are just five bad habits but unfortunately users have many more. The key to safeguarding against this is to train users periodically and perform random checks to ensure the policy is being adhered to. Whilst this may not prove popular with employees, it might just save the organization a lot of potential damage both to its IT infrastructure, and to its reputation.