According to a report from IBM Security and the Ponemon Institute, data breaches cost organizations an average of $3.86 million per attack between August 2019 and April 2020. While secure email services have built-in data protection, human error is a significant cause of data breaches. Every employee can take steps to prevent unauthorized access to the company’s information.
Don’t use weak passwords
Weak passwords lead to stolen data. If a thief can figure out someone’s password, it’s easy to log in and access sensitive information. Employees shouldn’t use a password based on information that’s public or easy to guess, such as their birthday, company’s name, or simple words such as “password.” A password manager can help to keep track of complex passwords that are more secure.
Watch out for fraudulent emails
Attackers often trick employees into actions that put the company’s data at risk. Ransomware and phishing are two of the biggest threats to security.
Choosing modern secure email services can help take this burden off employees by flagging suspicious senders, sandboxing attachments and using browser isolation to eliminate the impact of suspicious links.
Suspicious links lead to ransomware
Ransomware involves kidnapping data and charging its owner a ransom to unlock it. The thief sends an email that tricks an employee into clicking on a link that downloads malware, which is software that encrypts data. Once the malware encrypts the data, the thief charges the victim to unlock it. It’s best to avoid clicking on any unverified links from unknown senders.
Phishing attacks put data at risk
Attackers send an email that looks like a legitimate request from a bank or other trusted contact. Phishing emails trick employees into revealing passwords or other personal information that allow the thief to access confidential information. Sometimes a phishing email will convince an employee to send information directly to the bad actor.
Always back up data
Backing up data creates a copy that a company can access in the event that ransomware locks the main source of their data. Companies should ideally back up data offsite automatically, but all employees should be sure to save their data on drives that are backed up. Some companies may want to encourage employees to back up data manually in between automated backups.
Prevent data leakage
Employees should learn how to keep data from leaving their office in physical form.
Secure portable devices
Employees should make sure that any device with private information locks with a passcode after a short period of inactivity. Portable devices such as phones and tablets are easily stolen, and unlocked devices give any thief full access to their private information.
In case a thief bypasses a portable device’s locking code, encryption software will keep them from accessing sensitive information. Good encryption will also prevent data from being accessed by outsiders while ‘in transit,’ i.e. when an email is being sent from one person to another.