According to a 2017 Kaspersky Lab survey, employees are responsible for 46% of IT security incidents. That’s good and bad news. The bad seems obvious. The good news is that you know where the problem is. So what are these human security holes doing?

SEE: Why human vulnerabilities are more dangerous to your business than software flaws (TechRepublic)

Here are the top 5 human security risks:

1. Policy ignorance

If you don’t know what the security policy is at your company you’re less likely to follow it. Make sure people know what your policy is and are trained in how and why to follow it.

SEE: IT leader’s guide to reducing insider security threats (Tech Pro Research)

2. Clicking on links

Even when they know the policy people sometimes get tricked. Clicking on a link, even one that looks safe, can be all malware needs to get inside your network. Educate employees about what to look for, and to be careful in general.

3. Attachments

Yes, you shouldn’t open that “hot picture” from a friend and be wary of Word and Excel attachments from unknown people or in weirldy-phrased emails. But also don’t send sensitive documents as attachments where they can sit in less secure email accounts waiting to be discovered.

SEE: 10 ways to raise your users’ cybersecurity IQ (free PDF) (TechRepublic)

4. Installing software

No matter how good your IT department is at locking down systems, there always seems to be someone or some way that programs get installed anyway. Usually malware. Make sure folks know why they shouldn’t install outside software without being very sure of its trustworthiness.

5. Sharing passwords

I know. You’d be surprised. I’ve heard high-level execs tell subordinates, “Here, just use my password.” No. Just don’t. Also, make sure passwords are unique to the user so you can revoke them if they get leaked, or when the employee leaves the company.

By the way, before you send out a note to your staff, take a look in the mirror. Executives, HR leaders and finance specialists — the people with the most access — tend to be the most at risk.

Also see: