Your Employees Are Letting Hackers Into Your Company By Doing These 5 Things – Here’s What You Can Do To Stop It!


If You Are Plugged In, You Are A Target

If you run a small business, you are a target for cybercriminals. I know you don’t believe it, but I see it all the time. It’s just a fact of life: if you’re plugged in, you are a target.

Hackers, scammers, and cybercriminals of all kinds target small businesses because they are plentiful and, most of the time, they lack good cybersecurity, if they have any at all. Here’s the real crime: these criminals don’t need to use malicious code or advanced hacking skills to get what they want. In reality, many of them target your weakest link: your own employees.

Your Employees Are Your Weakest Link In Your Business Security

It’s a sad truth, but every day, employees of small businesses let hackers right in because they don’t know better or they aren’t paying attention. They see an e-mail from the boss or the bank or the shipping company, open it and click the link inside. By the time they realize they’ve made a mistake, they’re too embarrassed to say anything and try to pretend it didn’t happen. From there, the problem gets worse. Actions like this can end in DISASTER for your business.


The problem is that most employees don’t have any training to identify and report computer security issues. They aren’t familiar with modern threats or they don’t know to not click that e-mail link. There are many things employees are doing – or not doing – that cause serious repercussions for small-business owners. Here are five things users do that allow hackers to waltz in through your front door.


  1. They don’t know better. Many people have never been trained in cybersecurity best practices. While some of us may know how to protect our network, safely browse the web and access e-mail, many people don’t. Believe it or not, people do click on ads on the Internet or links in their e-mail without verifying the source. It happens every day.


This can be fixed with regular cybersecurity training, what we call “User Awareness Training and Testing”. It’s not enough to do a one-time training; you also need to continually test your users to keep it top of mind. Call in an experienced cybersecurity services firm like PICS ITech and set up training for everyone in your organization, including yourself. Learn about best practices, current threats and how to safely navigate today’s networked world. In the Philadelphia area, we are experienced with User Awareness Training and Testing as well as a full suite of cybersecurity services.


  2. They use bad passwords. Many people still use bad passwords like “12345” and “qwerty.” Simple passwords are golden tickets for hackers. Once they have a username (which is often just a person’s actual name in a business setting), if they can guess the password, they can let themselves into your network.


Many security experts suggest having a policy that requires employees to use strong passwords. Passwords should be a mix of letters (uppercase and lowercase), numbers and symbols. The more characters, the better. A minimum of 8 and a maximum of 64! On top of that, passwords need to be changed frequently, and employees should use a different password for every account. Reusing the same password puts your company at risk of having its network breached and exposed on the Dark Web. Employees may groan, but your network security is on the line.


  3. They don’t practice good security at home. These days, many businesses rely on “bring your own device” (BYOD) policies. Employees use the same computers, tablets, and phones at home and at work, and if they have poor security at home, they could be opening up your business to major outside threats.


How do you fix this? Define a security policy that covers personal devices used in the workplace, including laptops, smartphones and more. After the policy is defined, consider adding “MDM”, or mobile device management, software to the devices so that you have some level of control. This is where working with a managed IT services firm can be hugely beneficial. They can help you put together a solid BYOD security policy and help you with managed mobility services.


  4. They don’t communicate problems. If an employee opens a suspicious file in an e-mail, they might not say anything for fear of repercussions. They might be embarrassed or worry that they’ll get in trouble. But by not saying anything, they put your business at huge risk. If the file was malware or, worse, ransomware, it could infect your entire network.

What You Can Do To Protect Your Company

Employees must be trained to communicate potential security threats immediately. If they see something odd in their inbox, they should tell their direct supervisor, manager or you. The lines of communication should be open and safe. When your team is willing to ask questions and verify, they protect your business. See something, say something.


  5. They fall for phishing scams. One of the most common scams today is the phishing scam. Phishing is when an e-mail from a cybercriminal arrives looking like it came from a legitimate business. Cybercriminals can spoof e-mail addresses to trick people into thinking the message is legitimate. Scammers often use fake CEO or manager e-mails to get lower-level employees to open the message. Criminals will do anything to trick people into opening fraudulent e-mails. See The Cost of Not Paying Attention for how this could invalidate your insurance policy.


Overcoming these threats comes down to proper training, testing, and education. Phishing e-mails are easy to spot if you take the time to do it. Look at the details. For example, the CEO’s e-mail might be, but the scam e-mail is from Using a zero instead of an “o”. It’s a small but significant difference. Again, it’s all about asking questions and verifying. If someone isn’t sure if an e-mail is legit, they should always ask.
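The same "look at the details" check can be automated in a mail filter or triage script. The sketch below is an added example, not part of the original article; the domain `acme-corp.example`, the executive name and the character map are assumptions made up for illustration.

```python
from email.utils import parseaddr

# Assumed values for illustration only: your real domain and executive names.
TRUSTED_DOMAIN = "acme-corp.example"
EXECUTIVES = {"jane doe"}

# Digits commonly swapped in for look-alike letters (zero for "o", one for "l").
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def skeleton(domain):
    """Fold look-alike characters so 'acme-c0rp' and 'acme-corp' compare equal."""
    return domain.lower().translate(CONFUSABLES).replace("rn", "m")


def classify_sender(from_header):
    """Classify a From: header by how its domain relates to the trusted one."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return "unparseable"
    domain = addr.rpartition("@")[2].lower()
    if domain == TRUSTED_DOMAIN:
        # An exact match is not proof: From: can be spoofed, so authenticity
        # still depends on SPF/DKIM/DMARC results from the mail gateway.
        return "internal"
    if skeleton(domain) == skeleton(TRUSTED_DOMAIN):
        return "lookalike-domain"
    if " ".join(display.lower().split()) in EXECUTIVES:
        return "executive-name-external"
    return "external"


def flag_suspicious(from_headers):
    """Return (header, verdict) pairs that a person should review."""
    risky = {"lookalike-domain", "executive-name-external", "unparseable"}
    verdicts = ((h, classify_sender(h)) for h in from_headers)
    return [(h, v) for h, v in verdicts if v in risky]


# Constructed sample headers, not taken from real mail.
SAMPLES = [
    "Jane Doe <jane.doe@acme-corp.example>",
    "Jane Doe <jane.doe@acme-c0rp.example>",
    '"Jane Doe" <jdoe.ceo@mailbox.example>',
    "Shipping Updates <noreply@carrier.example>",
]

if __name__ == "__main__":
    for header, verdict in flag_suspicious(SAMPLES):
        print(f"{verdict:26} {header}")
```

A filter like this backs up training rather than replacing it: it catches the digit-for-letter swap, but a message it flags still needs someone to ask and verify.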


Get a Free Cyber Security Risk Assessment

If you would like to see how vulnerable your company is, I would like to extend a free initial cyber-security audit with a member of my team.

Why Free?

Frankly, we want the opportunity to be your IT services company. We know we are the most competent, responsive and trusted IT services provider to small businesses in the Philadelphia area.

However, I also realize there’s a good chance you’ve been burned, disappointed and frustrated by the complete lack of service and the questionable advice you’ve gotten from other IT companies in the past. In fact, you might be so fed up and disgusted with being “sold” and underserved that you don’t trust anyone. I don’t blame you.

That’s why this assessment is completely and entirely free. Let us earn your trust by demonstrating our expertise. While we would love the opportunity to be your managed IT support company, we will come in with no expectations and only look to provide you with fact-based information so you can make a quality, informed decision – and we’ll ONLY discuss the option of becoming your IT company if the information we share makes sense and you want to move forward. No hard sell. No gimmicks and no tricks.

Contact us and schedule your Free, CONFIDENTIAL Cyber Security Risk Assessment today: