Business Headlines

Avoid These Common Cybersecurity Mistakes in The Office

By John William Smith Jr on May 10, 2022

Technology has revolutionized the way we work over the past 50 years. Unfortunately, with the same technology comes a whole new set of complications that we need to be conscious of. For example, technology in the workplace entails various security risks.

According to a leading company in cybersecurity services in Miami, ELIJAH, many data breaches result from human error, and such mistakes are easy to avoid. In this article, we take a closer look at the most common cybersecurity mishaps and how to prevent them in a digital workplace.

Security flaws and how to avoid them

When we talk about cybersecurity risks, we often think of a hacker in a hoodie typing random codes in a dark room. However, IBM found that employees themselves are responsible for 16% of security vulnerabilities. Kaspersky shows even more worrying results. They estimate that so-called ‘insider threats’ are responsible for about 52% of security incidents.

Therefore, the danger to our online security lies with the hackers and the people we work with. However, your colleagues (and yourself) do not always cause these security risks by design. In fact, the same IBM research showed that 40% of ‘insider threats’ were accidents.

Accidents can be prevented if you know how to be careful and watch out for them. So, what are the most common security risks, and how do you minimize them? Let’s go through them!

1. Sharing your password with colleagues

Control over who has access to specific data is often the source of security incidents. An example of cybersecurity carelessness is simply sharing your password with a colleague.

Another possibility is that cybercriminals steal an employee’s password with high access privileges. They do this through, for example, spear-phishing attacks. Once someone has a password, they can do all kinds of things with your data. For example, they can modify it, steal it, infect it with malware or threaten to reveal it.

Fortunately, there are ways to protect your data better. Options for restricting access to sensitive data include:

  • Using two-factor authentication: If your password does fall into the wrong hands, the malicious party will still not have access to your data.
  • Increasing your employees’ awareness of cybersecurity risks: For example, make it clear that sharing passwords weakens data security.
  • Implementing greater control over who can access specific data: Set up account authentication for devices that try to log in via Wi-Fi.

2. Clicking a phishing link or downloading a virus file

Phishing is one of the most common ways to put malware on your computer. It is also becoming increasingly difficult to recognize these phishing emails and fake websites (spoofed websites). No wonder 74% of organizations in the United States have fallen victim to this type of cybercrime!

Links in phishing emails often point to spoofed websites. These websites look like existing sites but have different domain names. For example, the web address “www.rabobank.nl” has changed to “www.rab0bank.nl”. If you enter your information on this falsified website, this data gets into the wrong hands.

A couple of years back, one of the ways you could determine the security of a website was by checking if it had HTTPS in the URL. Unfortunately, phishing spoof sites increasingly succeed in placing this security sign on their websites. Therefore, you cannot rely on this tell-sign anymore. What then? The National Cyber Security Center gives the following tips:

  • Protect your domain names from phishing: It is wise to use email authentication with the SPF, DKIM, and DMARC standards. These standards ensure that the integrity of e-mails is guaranteed so that your team, as a recipient, can verify whether emails come from the supposed sender. This prevents attackers from falsifying your domain name.
  • Make sure the emails you send are legitimate: They can often be difficult to distinguish from phishing emails if you send emails to a broad audience. Try adding as much relevant information as possible to identify legitimate ones.
  • Secure mail server connections: In addition, ensure that all the employees send email via the company’s server. We all saw how weak the security of mail servers could be when Hillary Clinton’s email was hacked.

3. Sharing sensitive data in the cloud

Many organizations use portals that share data over the cloud to exchange information about work and collaborate on projects. Employees often place sensitive data here. Unfortunately, not all of these cloud portals are adequately secured, leaving company information vulnerable to hacking.

An excellent example of a significant data breach is the GitHub leak in 2019. Researchers checked some of the GitHub repositories and found the following data: 85,311 Google API keys, 37,781 RSA Private Keys, and 47,814 Google OAuth IDs. In other words, they found the credentials of thousands of projects in the public eye.

The collaboration platform Slack also has these kinds of vulnerabilities. For example, in 2014, a hack gave users access to other companies’ Slack channels. However, the most significant risk you run on Slack when it comes to data security is in the hands of the user.

Knowing what data you share via an online platform is essential to avoiding a cyberattack on the cloud. It is unwise to share sensitive information in this way. It is important to check who has access to the channels. For example, if an employee has just been fired, they can misuse sensitive data from such a channel. So make sure you remove ex-employees from the chats right away.

In addition, everyone within the company must be well informed about cybersecurity. Both the employer and the employees should be well informed about how they can prevent hacks and data leaks.

4. Leaked emails

Employees share much company-sensitive information via email. Unfortunately, this can often go wrong. Employees can leak emails intentionally or accidentally. An example of an accidental leak is when you use CC instead of BCC. Doing so makes you publicly reveal the e-mail address of everyone in the email when you didn’t intend to in the first place.

Everyone makes mistakes, especially when you’re in a hurry. However, cybersecurity training makes employees more aware of the consequences of these types of errors.

Another solution is implementing data leak prevention (DLP) software on your work devices. This technical solution checks emails for specific words and phrases or specific attachments. If the program thinks that an email poses a security risk, it puts it in quarantine. This gives you more control over the correspondence.

Can we prevent cybersecurity errors entirely?

It is almost impossible to avoid all mistakes. It is challenging to keep your data safe in a large company where employees have to communicate with each other frequently through a digital medium. Now that more people are working from home, and communication often takes place online, it is even more important to pay attention to cybersecurity.

Fortunately, informing your staff is half the battle won. Awareness of mistakes that can be made and how to avoid them solves many problems before they occur. Complementing this with tools such as two-step verification and DLP will further reduce the risk of cyber-attacks.

If you don’t know much about IT and cybersecurity yourself, you can always hire someone who provides reliable cybersecurity consulting services.

It’s important to remember that today’s age is all about data. It can make and break companies in seconds. Stay safe from cyberattacks by following these basic security rules and contact a cybersecurity expert for more help!

Hi! I’m John Marketing Manager at Elijah . I love to write and express my thoughts to the world. Here I’m writing the blog on cyber security services . It’s important to remember that today’s age is all about data. It can make and break companies in seconds. Stay safe from cyberattacks by following these basic security rules and contact a cybersecurity expert for more help!

The Author

Walt Alexander

Walt Alexander

Walt Alexander is the editor-in-chief of Men of Value. Learn more about his vision for the online magazine for American men with the American values—faith, family & freedom—in his Welcome from the Editor.

No Comment

Leave a reply

Your email address will not be published. Required fields are marked *