5 Ways Employees Can Compromise Security
September 30, 2019

Many organizations fail to secure one of their biggest defences, their employees. According to a cyber risk report by insurance company Chubb, only 31% of companies receive annual cybersecurity training. This means nearly 70% of companies fail to update employees on the latest cyber threats, leaving their first line of defence vulnerable.

Source: nCipher

Employees play a great role in your organization’s overall security. They hold the keys to your organization and have the power to let in bad actors. A simple click on the wrong link or falling for a BEC scam can lead to great financial loss. It’s important to increase security with your employees to avoid insider threats. Here are 5 ways employees can put your security at risk.

Employees as Your Weakest Cybersecurity Link

1. Lack of security awareness: Some employees may not intend to expose a company to cyber threats but may do so due to lack of knowledge of common cyber threats or human error. Hackers can easily exploit uniformed employees by crafting very convincing and legitimate looking phishing emails. Phishing is a common cyber attack employees encounter and 83% of global organisations experienced phishing attacks in 2018 according to a phishing report by Proofpoint. Employees can inadvertently fall victim to phishing attacks by clicking on malicious links or accidentally sending confidential or financial information to hackers.

How to fix: Build good user security habits by engaging employees with cyber awareness training. It’s important to continuously refresh employees’ cyber knowledge so that they remain alert and retain the information.

2. Bad password habits: Employees often reuse passwords across multiple sites or use simple, easy to guess passwords. While most do this to save time and avoid forgetting passwords, this puts credentials at risk. If a hacker buys stolen credentials off the dark web, they can use brute force attacks to try to gain access to the person’s other accounts.

The fix: Require all passwords to have alphanumeric characters to ensure that weak, common passwords are not used. To help combat the issue of forgetting passwords, consider tweaking your password for each website so that every password is slightly unique. For example, your Twitter password may be Popc0rntwt but your Facebook password may be Popc0rnfcbk. Since the base password is the same overall, it might help users remember their passwords better.

3. Using unsecure networks: Remote employees or those on the go may be tempted to use public WiFi to work or access important documents. While public WiFi is convenient it is usually not secure or encrypted, meaning there is a chance that bad actors can intercept or steal data. Even networks in shared office spaces can be vulnerable. Just recently, shared workspace WeWork came under fire for having insecure WiFi that allowed several companies’ devices, client databases and financial records to be visible on the building’s network.

The fix: Employees on the go should either use a VPN or their cellular data when working with or accessing corporate materials/information.  

4. Browsing unsafe websites: Whether by accident or on purpose, employees sometimes access unsafe websites while at work or connected to the corporate network. Many unsafe websites have malicious links embedded in ads or hidden within the website, meaning malware can be installed in just one click.

The fix: Installing endpoint security on corporate devices will provide advanced protection against the latest cyber threats. Blocking malicious websites from the corporate network will also ensure that no one will be able to access them.

5. Using unauthorized devices/apps: Shadow IT is a growing threat for organizations as more employees connect to corporate networks with their own IoT devices. Most unauthorized devices or apps are not supported with the security functions or standards that are present in those that are managed by an organization. This means that employees could be using vulnerable or outdated technology that could expose an organization to attacks.

The fix: Monitor the corporate network to learn what devices are being used within the corporate network infrastructure. SIEM log data can also help identify the use of traffic over time to identify shadow IT.

You May Also Like…


Submit a Comment

Your email address will not be published. Required fields are marked *

Solutions to Grow Your Business

We've got you covered with our comprehensive portfolio of solutions.

Cybersecurity Solutions

Cyber Incident ​Response
Endpoint Detection and Response (EDR)
Extended Detection and Response (XDR)
Firewall Security
Mail Security
Penetration Testing Services
Security Baseline Assessment
User Defence
Vulnerability Detection Response (VDR)
Wi-Fi Security

Backup & Recovery Solutions

Hybrid Backup
Enterprise Backup
Mail Archiving

Public & Private Cloud Solutions

Azure Management and Monitoring
Microsoft 365 Administration
Private Cloud
Microsoft CSP

Helpdesk & Field Services Solutions

Professional Services & Consulting Solutions

Monitoring & Management Solutions

Hardware Maintenance Solutions

Application Management Services

Telco Industry Solutions

AI Business Solutions

Your partner in digital transformation

Helping the next generation of MSP and IT solution providers transform and grow.

businessmans handshake

Types of Partners

Managed Services Provider (MSP)

Internet Service Provider (ISP)

Value Added Reseller (VAR)

businessmans handshake

Partnership Overview

Jolera’s partner program offers flexibility to engage with us on your terms. We have spent more than two decades building award-winning best in class partner enablement and turnkey end-customer solutions for you.

Partner Program

Jolera has three partner programs to choose from: Select, Preferred and Premier.

Learn about us and the legacy we have created

At Jolera, we treat each MSP partner with specialized care. With more than 20 years of IT experience, we offer the latest technology to navigate cloud, security, endpoint, and storage needs.

vintage pocket watch vintage background concept

About Us

Jolera is widely recognized as a global managed services leader. We started as managed services provider over 20 years ago and have been at the forefront of managed services innovation ever since.


Our People

As a service provider our main goal is to make the customer happy. For that final goal, we need passionate and happy people working with us – Our People Are Our Biggest Asset.


Our Leaders

We are performance driven at the core - tying together best of breed technology and industry leading expertise with pragmatic processes built to deliver outcomes.

Meet Our Leaders!