The simple act for boosting cyber security hiding in plain sight

World Backup Day

Sophisticated cyber threats and malicious acts pose significant risks to businesses across the globe. However, a less conspicuous danger lurks within the workplace: the lax approach of employees towards basic cyber security practices.

With World Backup Day on 31st March, it’s timely to remember the seemingly mundane IT practices that, when overlooked, can create chinks in the armour of organisational cyber security, leaving organisations vulnerable to potentially devastating attacks.

While many companies regularly train people to avoid phishing traps, most overlook the bigger risk hidden in plain sight: employees not turning off their devices regularly, which prevents security updates from being applied.

With a holiday just around the corner, it’s a great time to remind all employees everywhere to shut down their laptops and computers!

In a 2021 study by Savanta (commissioned by Kaspersky), almost half of organisations surveyed confirmed they have some form of outdated technology. 48% went on to reveal that they’ve worked with employees who refuse to use new or updated versions of devices.

As many as 40% of respondents believed it was not their responsibility to update a work device, and that this obligation belongs to the employer. This statistic is compounded by 44% who admitted they are less concerned about updating their work devices than they are their personal ones.

Impact of Failure to Shut Down Laptops Regularly

In the busy modern workplace, employees often leave their laptops running continuously, neglecting the importance of regularly shutting them down. This seemingly harmless habit can have far-reaching consequences for organisational security. When laptops remain powered on without intermittent shutdowns, they become susceptible to a variety of threats, including malware, ransomware, and hackers.

One of the primary reasons behind employees’ failure to shut down is the misconception that putting a laptop to sleep or in hibernation mode provides the same level of security as a complete shutdown. However, shutting down a device serves to refresh its memory, terminate running processes, and eliminate potential vulnerabilities. Failing to do so allows for the accumulation of residual risks, leaving a digital door open for cyber criminals to exploit.

In addition, prolonged periods of continuous operation increase the likelihood of software glitches, slowing down the system and making the device more prone to crashes. These disruptions not only hamper productivity but also offer potential opportunities for cyber adversaries to access systems during moments of vulnerability.

Employee Reluctance to Upgrade Software

Software updates are a cornerstone of cyber security, providing patches for identified vulnerabilities and enhancing the overall resilience of a system. Despite the critical role of software upgrades, a significant number of employees seem reluctant to keep their applications and operating systems up-to-date. This negligence arises from various factors, including concerns about interrupting work processes, fear of compatibility issues, and a lack of awareness regarding the importance of updates.

Outdated software poses a substantial risk to organisational security, as cyber criminals often exploit known vulnerabilities to gain unauthorised access. Malwarebytes’ “2023 State of Ransomware” report counted 1,900 total ransomware attacks in just four countries — the United States, France, Germany and the United Kingdom — in one year, with the U.S. accounting for almost half of those attacks.

The damages companies suffer due to ransomware attacks are also rising. Cybersecurity Ventures predicted such attacks will cost victims $265 billion by 2031 — a staggering increase from the $5 billion ransomware targets shelled out in 2017. This is the havoc that can be wreaked on organisations that fail to implement timely software updates. By neglecting these updates, employees inadvertently expose their businesses to preventable risks, compromising their own data and the sensitive information of clients and colleagues.

Companies must foster a culture that emphasises the critical nature of software updates and ensures that employees understand the potential consequences of delayed or neglected upgrades. Educational initiatives, clear communication, and user-friendly update processes can contribute to overcoming the barriers that impede the timely implementation of software patches.

Misconception Regarding Privacy Issues in New Updates

Another prevalent issue contributing to lax cyber security practices within organisations is the misconception among staff regarding privacy concerns in new updates. With growing awareness of data privacy and an increasing number of high-profile breaches, employees often express scepticism about the security implications of software updates. This scepticism, while rooted in a genuine concern for privacy, can lead to resistance and delayed adoption of crucial security measures.

To address this challenge, companies must prioritise transparent communication regarding the purpose and impact of updates. Employees need to understand that updates are not merely about feature enhancements but also about reinforcing the security posture of the organisation. Privacy concerns can be mitigated through comprehensive disclosure of the changes introduced in updates, emphasising the measures taken to protect user data and the organisation’s commitment to privacy compliance.

Conclusion

The biggest security risks that companies face today are not always the result of advanced cyber threats but can stem from the overlooked and neglected cyber security practices of employees. The failure to shut down laptops regularly, reluctance to upgrade software, and the misconception surrounding privacy issues in new updates collectively create vulnerabilities that can be exploited by malicious hackers.

Companies must recognise the significance of these seemingly mundane practices and invest in comprehensive cyber security education and awareness programs. Fostering a culture of security consciousness, where employees understand the implications of their actions on organisational resilience, is crucial for mitigating these risks. By addressing these neglected cyber security practices, companies can build a stronger defence against evolving cyber threats and ensure the protection of sensitive data in an increasingly interconnected and digital world.


Thingsat
