With the digitization of business, information has become the most important competitive asset for any company. Corporate data security is, therefore, essential for operating in the software economy, where every executive or strategic process is linked to digital tools.
Cybersecurity: threats are growing in the cloud era
However, protecting corporate data security is not trivial, especially in modern multi-cloud environments where the perimeter becomes liquid and every device that accesses the organization’s resources represents a vulnerability.
There is little reason to feel safe: according to Italian Clusit statistics, in the last five years (2014-2019), the number of successful serious attacks has grown by 91.2%, reaching a record figure of 1,670.
This alarming picture does not spare any company or sector and sees malware, phishing, and social engineering attacks among the main threats. These are, therefore, techniques that, in many cases, rely on the distraction or naivety of users.
Human error represents the Achilles' heel of data security and sits at the top of the concerns of IT administrators, together with the technological obsolescence of company systems and the difficulty of managing the cloud journey.
Smart Working and security: human error matters
The issue is currently in the eye of the storm due to the Coronavirus emergency: the need to operate in smart working forces employees to use personal devices and home networks to access company IT resources. Companies that had not yet contemplated remote working found themselves unprepared, without adequate technological tools and suitable security strategies.
Workers often need more training to use digital solutions such as file sharing or telepresence applications. Furthermore, they are unaware of cyber security risks and can be easily duped.
The 9 most dangerous human errors for corporate data security
But what are the human errors considered most dangerous for corporate data security? In summary, nine incorrect and risky behaviors by employees can be identified.
- Use an obsolete device: the risk of suffering an attack increases considerably if you use operating systems for which support is no longer guaranteed or on which security updates have not been installed.
- Use weak passwords that don't follow corporate policies, are easily guessed, or aren't periodically replaced. One mistake to avoid is the use of 4-digit PINs for the protection of mobile devices, which can be intercepted very easily by malicious people (just a quick glance at the screen while the user is distracted is enough).
- Click on links or open attachments in suspicious emails, or in messages received via social media or chats, which could be the vehicle of viruses or other types of malware. For example, the messages could contain a phishing attempt: the forged sender invites the user to disclose their confidential data (for example, access credentials to banking services or credit card numbers) under a technical pretext.
- Underestimate the importance of having proper security applications such as up-to-date anti-virus software or containers to separate business and personal work environments.
- Use unknown mobile devices not authorized by your company (for example, pen drives and external hard drives).
- Download applications from unofficial sources that may contain malware.
- Connect to unknown, public, or inadequately secured Wi-Fi networks.
- The penultimate risky behavior: forget to log out of the services or portals used at the end of the working session.
- Finally: leave the workstation without activating the lock (manual or automatic) on access to the system.