Employers want to blame cyberthreats on bad guys but “the threat actually originates from within when employees’ ignorance and/or negligence opens the door for cybercriminals” as reported by Kasperky in “Top 10 Tips for Educating Employees about Cybersecurity.”

Phishing Scam advice is included in Tip #4:

Phishing remains the primary method for infecting users via social engineering, especially for corporate employees.

Employees should know that, when in doubt, they should not click on or repost suspicious links in email, tweets, posts, online ads, messages,or attachments – even if they know the source.

Phishing schemes are probably one of the most prevalent methods that cybercriminals use to target businesses via employees.

BYOD advice is included in Tip #8:

Wireless connectivity, cloud services and file-synchronization applications are making these devices highly desirable targets for physical theft.

Thieves and hackers with stolen mobile devices will compromise them to lift valuable data or use them.

Here are the 10 tips:

Tip #1: Create and communicate clear-cut security policies.

Tip #2: Test employees’ security knowledge.

Tip #3: Require complex passwords that must be updated regularly.

Tip #4: Teach employees to avoid phishing scams.

Tip #5: Create systems to automatically back up work.

Tip #6: Use spam and web filters to close windows of vulnerability

Tip #7: Utilize systems management tools to ensure all software updates are installed across multiple endpoints.

Tip #8: Don’t forget mobile.

Tip #9: Keep the lines of communications open between IT and other staff.

Tip #10: Select a trusted security partner.

Kaspersky offered this simple advice which should be a help to all employers.