The Context
When people think about cyber security, they often imagine something incredibly dramatic. Perhaps a faceless person in a hoodie hammering away at a keyboard surrounded by multiple screens, or some complex, multi-layered attack happening far away in the shadows of the internet. Unfortunately, the reality is much more mundane, but much closer to home.
In truth, some of the biggest cyber risks organisations face come from the little things people do every day without realising they’re risky at all. These are common mistakes like a rushed email reply, a file shared using the wrong link, a reused password, or a borrowed USB stick. None of these actions feel particularly dangerous or risky in the moment, but they’re exactly the kind of entry points that attackers can easily exploit.
The overall aim of this article is to highlight just how important every person’s role is in keeping a business secure. Cyber security isn’t just the IT team’s responsibility. It lives in the day-to-day behaviour of everyone in the organisation.
Phishing Emails and the Danger of a Quick Click
We’ll start with one of the most common cyber risks, one that the majority of businesses and employees will be aware of. Phishing attacks are getting more sophisticated every year, and it’s no longer a case of spotting obvious spelling mistakes or links to websites or documents that don’t quite match. Many phishing emails are incredibly convincing, often spoofing the names and email addresses of real colleagues, suppliers, or clients. They might ask you to authorise a payment, send across login credentials, or open a file that contains malware. And because the request feels urgent or important, people tend to act quickly, or without due care and attention. That one click, that one reply, could open the door to a serious security breach.
It’s vital to slow down and think before you act. If something feels off, such as the unusual tone of the email, or the fact that your manager has asked you to make a payment while sat across from you, it’s vital that you verify the authenticity of the communication. Check the sender’s email address carefully. Ask the person directly via another channel if you’re unsure.
If you’ve found out that the email is illegitimate, or you are still not one hundred percent confident, report the email to your IT team using the correct channels. A compromised email address could be an indication of a larger threat to the organisation, and it’s important that IT or security teams are alerted as soon as possible.
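The sender checks described above can also be automated on the mail-handling side. The following is an added example, not part of the original article; the organisation domain, the staff directory and the `sender_warnings` function are hypothetical, and the sample addresses are constructed.

```python
from email.utils import parseaddr

# Assumptions for illustration: the organisation's domain and a small staff directory.
ORG_DOMAIN = "example.com"
DIRECTORY = {
    "Priya Shah": "priya.shah@example.com",
    "Tom Reed": "tom.reed@example.com",
}

def edit_distance(a, b):
    """Levenshtein distance, used to spot look-alike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_warnings(from_header, reply_to=None):
    """Return reasons to verify this sender through another channel."""
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    warnings = []
    # A colleague's name on an address that is not theirs.
    known = DIRECTORY.get(name.strip())
    if known and known != addr:
        warnings.append("display name matches a colleague but the address does not")
    # A domain one or two characters away from the real one.
    if domain != ORG_DOMAIN and 0 < edit_distance(domain, ORG_DOMAIN) <= 2:
        warnings.append("domain is a near miss of the organisation's domain")
    # Replies silently redirected somewhere else.
    if reply_to:
        reply_domain = parseaddr(reply_to)[1].lower().rpartition("@")[2]
        if reply_domain != domain:
            warnings.append("replies go to a different domain than the sender's")
    return warnings

if __name__ == "__main__":
    for header in ("Priya Shah <priya.shah@example.com>",
                   "Priya Shah <priya.shah@examp1e.com>"):
        print(header, "->", sender_warnings(header) or "no warnings")
```

An empty result does not prove a message is genuine, since a compromised real mailbox passes all three checks; it only means these particular signs are absent.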
File Sharing and the Risk of Oversharing
Another frequent issue arises from how we share files and collaborate, especially with the rise of remote working. Cloud platforms like Google Drive, Dropbox, and Microsoft 365 make it incredibly easy to send documents back and forth between users in a business, but this also means that it’s very easy to make a mistake. People will frequently share links without adjusting the permissions, meaning sensitive documents can sometimes be accessed by anyone who either stumbles across, or brute forces, the URL. Worse still, files are often uploaded to personal accounts or sent outside the organisation entirely, without proper oversight, meaning that businesses have no idea who has access to potentially sensitive or confidential information.
While collaboration is essential, it should never come at the cost of control and security. Always double-check who you’re sharing a file with and what level of access they have. Use password protection when available, and never upload documents to personal cloud services, as even the smallest mistake could lead to a breach further down the line.
Weak Password Habits That Put Everything at Risk
Passwords remain one of the most misunderstood aspects of cyber security. Despite all the awareness campaigns and desperate pleas from IT teams and professionals, many people will continue to reuse passwords across multiple accounts, often mixing work and personal services, simply because it’s easier to remember. Others will jot them down on sticky notes next to their desk, or keep them in unsecured files like spreadsheets on their desktop. These practices aren’t just risky, they’re essentially an open invitation for attackers.
The problem with reusing passwords is that when one site gets breached (and this happens on a startlingly frequent basis), attackers will test those same credentials on other platforms. If your work email and password were used to sign up for an unrelated service that’s been compromised, your business account could be vulnerable without you even knowing it.
The best defence here is, unfortunately, using different, complex passwords for each of your accounts, especially for work. This is where solutions such as a password manager come into play, as they can generate and securely store strong, unique passwords for each account you use. While it can be frustrating to potentially require multiple different passwords each day to complete your work, it pales in comparison to the frustration that comes from your business or place of employment suffering a breach.
The Hidden Threats in USB Drives and Devices
We also can’t ignore the risks posed by physical devices. USB sticks, for example, seem harmless. They’re cheap, convenient, and often handed out at events or kept around “just in case.” But plugging in an unknown USB device, even one that looks brand new, or was given to you by a trusted vendor at a conference, can introduce malware into your system immediately. Some attackers even deliberately leave compromised USB drives in public places, hoping someone will pick them up and plug them in out of curiosity.
Sadly, this isn’t a theoretical risk, as it happens more often than most people think. If you ever come across a device and you’re unsure of its origin, don’t take the chance. It’s always better to run it past your IT team than risk infecting your machine, and potentially your entire network.
Public Wi-Fi and the Illusion of Convenience
Another common yet dangerous habit is connecting to public Wi-Fi networks without proper security. Whether it’s at a coffee shop, hotel, or airport, public networks are incredibly convenient, but are rarely secure. In fact, attackers will often set up fake Wi-Fi hotspots that mimic real ones, tricking people into connecting without realising it. Even legitimate networks can be exploited by others on the same connection if proper protections aren’t in place.
To stay safe, turn off auto-connect on your devices so they don’t latch onto public networks automatically. If you absolutely need to work while on the go, your business should provide you with a VPN (Virtual Private Network) to encrypt your traffic. It’s a small change that makes a huge difference in keeping your data safe from prying eyes. This is becoming increasingly common since the rise of remote working, with employees connecting to public networks to access sensitive company information.
What Social Media Can Reveal Without You Realising
The final risk we’ll touch on is social media. It’s important to consider how much we reveal online without meaning to. Social media has blurred the lines between personal and professional life, and attackers know how to take advantage of that. Information such as job titles, team updates, software mentions, and even casual photos of your workspace can give away more than you realise.
This doesn’t mean you should stop posting altogether; it just means being mindful. Ask yourself: is this information safe to be made public? Is this something that could be used by an attacker to potentially harm the business? Quickly asking yourself questions like these, and double-checking what you’re posting, can help prevent attackers from utilising social media to target your business.
Final Thoughts
Cyber security isn’t just about firewalls, antivirus software, or the IT department putting out fires. It’s about the decisions each person makes, every day. The risks we’ve listed here aren’t dramatic or unlikely; they’re everyday actions that seem harmless until they’re not.
Keeping an organisation secure starts with awareness. It doesn’t require technical expertise, just a willingness to think twice, ask questions, and form better habits. If everyone takes ownership of their small corner of cyber security, the whole company will become stronger as a result.
So the next time you get a strange email, go to share a file, or log in to a new service, just take a moment to make sure you’re being as secure as you can. Those small decisions matter more than you might think.