
6 Common Cybersecurity Mistakes Employees Make


Cybersecurity issues are worsening daily, particularly for companies that depend on data to serve their customers and clients. Today’s cybercriminals target any kind of organization, including small businesses, large companies, and government agencies.

While most companies invest a lot of money in cybersecurity solutions to protect against external threats, human error can easily go unnoticed. Unfortunately, human mistakes pose the biggest threat to an organization’s cybersecurity efforts.

Here are six common cybersecurity mistakes employees make.

1. Using weak passwords.

One of the most common cybersecurity mistakes employees make is using weak passwords. Life is a bit easier when you have just one simple password to remember. However, reusing weak passwords across multiple accounts makes them easier for hackers to exploit. Weak passwords are easy to guess and are one of the simplest ways to break into a company’s system. Apart from a strong password, using multi-factor authentication can help a company add an extra layer of security against hackers.

2. Falling for phishing scams.

Most data breaches in the workplace are a result of phishing scams. This occurs when employees click on malicious links or download attachments in phishing emails, exposing their companies to disastrous ransomware and other malware attacks.  

Phishing attacks trick employees into revealing sensitive information, such as login and credit card information. Therefore, businesses, both small and large, should conduct regular cybersecurity training to educate their employees on how to identify phishing attempts and the actions to take in case they encounter suspicious messages or emails.

3. Connecting to unsecured public Wi-Fi networks.

Public Wi-Fi provides a convenient way to work when on vacation, at the airport, or in a café. Remote workers or employees who travel frequently for business can also use public Wi-Fi to work on the go.

Nevertheless, using unsecured public Wi-Fi connections can pose considerable risks to a business’s sensitive data. Employees who connect to these networks without proper security measures are vulnerable to hacking and unauthorized access. Attackers can also use public Wi-Fi networks to install malware on cell phones or laptops of staff who have enabled file-sharing on their devices.

To guard against cybercriminals, companies should advise employees not to connect to corporate systems over public Wi-Fi networks without a secure connection. Fortunately, there are many VPNs that can be highly beneficial. Using a strong VPN when accessing your company’s networks or transmitting sensitive information allows you to encrypt data and protect it from possible intrusion or theft.

4. Neglecting software updates.

Updating company software with patches or updates provided by manufacturers is often neglected, but it’s a vital step. Hackers stay on top of the latest news about known vulnerabilities in popular software. Therefore, the IT team should stay ahead of the attackers by protecting company resources and installing the fixes.

NIST recommends setting devices that access the company network, including mobile phones, to automatically update operating system software and other programs. Remote workers should also regularly install security updates on their routers to protect against external threats. Ensure your remote workers know how to update router firmware and company-provided devices, and send them reminders on how and when to do so.

5. Using unsecured personal devices to access company data.

Using unsecured personal devices such as laptops and mobile devices to access sensitive data can unwittingly compromise a company’s security. Unlike company-provided devices, which are patched regularly, employees’ devices might contain loopholes and vulnerabilities, making them an easy target for hackers. To prevent this, companies must implement policies that prohibit the use of unsecured personal devices and require the use of company-owned devices that have proper security controls.

6. Lack of proper data backup.

Failing to back up essential data regularly can have ruinous consequences such as downtime and data loss in case of a system failure or cyberattack. For instance, ransomware can deny users access to files on their computers.

Since the malware will encrypt these files and demand a ransom payment for the decryption key, a company has to pay the attackers to regain access to its files if it doesn’t have a recent backup. Employees should regularly back up data to secure offline storage to ensure critical information can be retrieved in case of a security breach.


Human error is one of the major problems in ensuring the security of company systems. Cyberattackers increasingly choose to get into the company network by exploiting employees instead of hacking into the system directly from the external perimeter. Ensure you properly educate your employees about security and the risks involved to reduce cybersecurity breaches and protect your sensitive data.