Cybercrime is here to stay, and it’s costing American firms a lot of money. The average annualized cost of cybercrime for global companies has increased nearly 62% since 2013, from $7.2 million to $11.7 million. And these are just the average direct costs. Target, which experienced a massive data breach in 2013, reported that the total cost of the breach exceeded $200 million. Verizon, which recently purchased Yahoo, may have snagged a $350 million discount because of three large-scale Yahoo data breaches that occurred in recent years. Given these costs, what can companies do?
Better Cybersecurity Starts with Fixing Your Employees’ Bad Habits
A lament that echoes in information security circles is that we’re not doing enough to deal with cybersecurity’s biggest, most persistent threat – human behavior. Attackers typically don’t need to sabotage sophisticated software or hardware; they simply need to take advantage of predictably poor user behavior. What can companies do to reduce behavioral risks? Instead of having your employees opt in to specific security actions such as installing and using a VPN, turning on 2-factor authentication, enabling full-disk encryption, or authorizing auto-update features, turn these features on by default. When a software update is released, send an email instructing employees to block off time on their calendars to actually complete the update. And make awareness training an ongoing process, building in feedback so that employees learn what they can do to avoid mistakes in the future.