cybersecurity mistakes that could put your job at stakeWe’ve all heard that good cybersecurity practices are critical to protecting you and your information, but did you know the cybersecurity mistakes you make could cost you your job? To reduce the chances of you finding yourself in that exact situation, we’re detailing four cybersecurity mistakes that could impact your employment and what you can do to avoid making them.

Why would a cybersecurity mistake jeopardize your employment?

Before detailing the cybersecurity mistakes that could result in your termination, let’s first dig into how and why a cybersecurity mistake could impact your job in the first place. When it comes to your company’s security, one point to always keep in mind is that human negligence is known to be a major reason why information that should be secured, such as login credentials, customer data or sensitive company information, is compromised. In fact, according to CNBC, information security company Shred-it reports that “47 percent of business leaders said human error such as accidental loss of a device or document by an employee had caused a data breach at their organization.” A data breach spells trouble for a company, as it can lead to lost business and decreased trust — something that we regularly cover on our data breach blog.

Furthermore, cybersecurity mistakes can have financial ramifications too. In fact, companies pay an average total cost of $3.62 million in the aftermath of a data breach, according to a report from the Ponemon Institute. If you think of the average cost in terms of its potential impact on a smaller company, such as a new startup, it’s easy to realize that this kind of loss could spell its demise. But it’s not just data breaches that cost a company money: other cybersecurity consequences, including cases involving an employee who was persuaded to wire money to a scammer, can also be costly.

4 cybersecurity mistakes that could put your job at risk

Now that you know about the impacts of cybersecurity mistakes on businesses, let’s get into the four cybersecurity mistakes that could put your job at risk.

Not using strong passwords

When you create sign-in credentials for your online accounts, avoid using easy-to-remember passwords. That’s because passwords are the first line of defense to an account, and considering it’s easier than ever for hackers to crack weak passwords through cyberattacks and password cracking programs, using weak passwords makes a hacker’s job even easier. In addition to creating strong passwords, you’ll also want to make sure you’re not writing down your passwords on a sticky note or storing them in an unlocked file on your computer, as that defeats the whole purpose of using strong passwords.

How you can avoid making these mistakes: To ensure that you’re using stronger passwords, pick passwords that are at least 12 characters or longer and avoid reusing passwords. (Many services won’t require you to create passwords that are this long, but some of today’s password crackers are adept at figuring out shorter passwords.) You’ll also want to make sure that each password comprises a combination of numbers, special characters and lowercase and uppercase letters, as these combinations make for a stronger password.

If you have a hard time remembering all of your passwords, you may want to consider using a password manager, such as LastPass. Password managers securely store your login credentials, eliminating the need for you to write them down. Instead, all you would have to do is to remember your login information for the password manager, and that’s it — no more password fatigue!

Falling for a phishing email

Of the four cybersecurity mistakes that we’re mentioning, phishing scams can cause some of the most serious impacts on a business, as they can reveal confidential business information, cause the company to lose money to scammers and more. Phishing is something we’ve covered quite a bit in the past, but it’s something worth going over again, as it’s one of the most common crime reported to the FBI in recent years. Phishing can impact any business or organization, as we saw with the much-publicized cyberattack that hit the Democratic National Committee in 2016, which originated from a phishing email according to ZDNet.

Phishing occurs when a scammer tries to trick victims into fulfilling the scammer’s whims (e.g., convincing victims to provide some kind of information), all the while cloaking their schemes and malevolent intentions under a legitimate-looking guise. These emails generally appear to come from a legitimate source, like a vendor your company does business with or your company’s CEO, and they may contain links that, if clicked on, will download malware via an email attachment onto your device that grant access to your computer, email and more. The links could also direct you to a fake website, which could prompt you to sign in with your username and password. If you sign in, scammers would then be able to access the account or accounts corresponding with that login — not something that’s good for you and your company, especially if the sign-in information corresponds with any of your work-related accounts. Other phishing emails may attempt to convince you to carry out an action, such as wiring money, with fraudulent purposes.

How you can avoid making this mistake: As you can see, falling for a phishing email can result in major consequences. To avoid falling for one, a great step you can take is to educate yourself on the signs of phishing and how you can recognize them. You can start by reading our guide about this type of cyberattack and its different forms. When it comes to trying to see if an email attachment is malicious, for example, some of the precautions that you can exercise include checking the attached file to see if it’s actually a malicious application instead of a document and scanning the attachment with an up-to-date antivirus software before opening it.

Downloading malicious software

You’ll also want to be careful about what software and browser extensions you download onto your work devices. Malicious downloads could infect your devices with malware, which could result in criminals gaining access to your company’s networks, revealing business secrets and allowing cybercriminals to access any aspect of the business’ system that they can get their hands on.

How you can avoid making such mistakes: One of the best things you can do is to be very cautious about the software and extensions you’re downloading. Make sure you only download from legitimate sources, like the Google Play or Apple’s app store, and if you’re not sure if you should download software or add an extension, ask your supervisor or IT associate. Check out our guide to avoiding malicious browser extensions to learn more.

Mistakes outside the office

Oftentimes we think cybersecurity mistakes can only be made in the office, but the reality is what you do at home and around town can also impact the company you work for. For instance, you likely heard of someone who’s left their laptop, storage device and badge in the car when they went out for dinner, only to come back to find that their car’s windows have been shattered and their belongings are missing. Unfortunately, needing to replace your stolen belongings could be the least of your problems, as stolen devices storing company information can do a lot more harm, like causing a data breach — something that’s been demonstrated by the recent incident at the University of Michigan’s Michigan Medicine, which stemmed from a stolen personal laptop that stored work information.

Not securing your belongings isn’t the only costly cybersecurity mistake you could make; it’s also possible for you to accidentally give away more information than you intend to when you access free or public Wi-Fi, which is generally easily hackable, while working remotely. It’s also easy to accidentally connect to a hotspot that, at first glance, seems legitimate (if you’re at an airport, the illegitimate hotspot could be named after the airport, for example) but actually isn’t. As such, you’ll want to avoid accessing the Internet through public Wi-Fi at all costs.

How you can avoid making these mistakes: When you are out and about and have your work devices and work-related items in tow, avoid leaving them unattended and unsecured. If you’re in a situation where you do have to leave them unattended (e.g., you’re heading to a pub, and you won’t be able to adequately keep an eye on your belongings), make sure you lock your items in your trunk before you pull into the parking lot or swing by your house to drop them off before heading out for the evening.

As for how you can avoid using free, public Wi-Fi, there are several options at your disposal. You can opt to get a better data plan or your own hotspot, eliminating the need for you to connect to Wi-Fi in public. You can also use a VPN, which would encrypt your Internet connection and improve your security — as long as you use a legitimate one.

It’s easy to fall prey to hackers and scammers through cybersecurity mistakes, but now that you know about some cybersecurity mistakes that could put your employment at stake, you’re better equipped with the knowledge to help you secure your and your company’s information and privacy. To learn more about cybersecurity and how you can protect yourself, your loved ones and others, take a look at our cybersecurity blog.