Today, the use of apps and software makes our lives easier and improves the way we work every day. However, this digital transformation does not only have advantages. In the digital age, cybercrime is a real threat to organisations in all sectors.
At the Cybertech Europe event in Rome in May, Alessandro Profumo, CEO of Leonardo, a leading aerospace and defence company, revealed that cybercrime cost the world more than $6 trillion (€5,700 billion) in 2021. With the explosion of remote working and the acceleration of digitalisation, cyber attacks are increasing in number and becoming more sophisticated.
According to IBM’s 2021 Cost of a Data Breach report, the average cost of a cyber attack in 2021 was $4.24 million, 10% more than in 2020. Find out which risks can lead to security breaches and cost your business.
Shadow IT
This is the number one cause of cyber risks. Shadow IT refers to the installation and use of applications and software by employees without the authorisation of the IT department. It can also refer to personal computers or smartphones used for remote working.
The problem is that these digital devices and tools have not been checked, approved and secured by IT teams. They can create a security hole and allow cybercriminals to infiltrate. They may also fail to comply with the security policies the company has in place regarding data protection and sovereignty. The IT department has no control over the use of company data. This is why the use of these digital solutions represents a threat that can damage the organisation and cost it dearly.
To reduce shadow IT, it is essential to educate your employees, as they may not realise the consequences of their actions. Communicate about the risks of shadow IT by organising training and/or conferences on the subject. Also provide your staff with resources such as a list of approved tools, how to get permission to use a particular piece of software, the security measures in place, etc.
Poor password management
Did you know that the most used password is “123456”? This is what NordPass revealed in its ranking of the 200 most common passwords in 2021. When it comes to choosing a password, we are all the same: we tend to opt for something simple and easy to remember, and above all we use it for all our accounts (with a few variations), whether for our personal apps or for professional software. This is a boon to cybercriminals who can hack into our accounts in a matter of seconds.
According to the LastPass Password Security Report 2021, 65% of professionals almost always use the same password or variations of it, and 45% of respondents have not changed their password, even after an intrusion.
This type of behaviour is alarming for companies. With little protection, their data is vulnerable and easily accessible to hackers. According to the IBM report, compromised credentials were responsible for 20% of data breaches, with an average cost per breach of $4.37 million.
To prevent this security risk, here are three rules to follow regarding your passwords:
- Use complex passwords (minimum 12 characters, combination of upper and lower case letters and numbers) with the help of a password generator.
- Never reuse the same password. It is recommended that you change your passwords every 90 days for added security.
- Use a password manager such as Dashlane, Bitwarden or LastPass to avoid memory gaps and store your passwords securely.
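The password rules above can be checked mechanically. The following Python sketch is an added example, not code from the article or from any of the products it names: it generates a compliant password with a cryptographically secure random source and audits a password-manager style export for weak, reused and stale (older than 90 days) entries. The function names, account names and sample records are constructed for illustration.

```python
import secrets
import string
from datetime import date

MIN_LENGTH = 12          # article's rule: minimum 12 characters
MAX_AGE_DAYS = 90        # article's rule: change every 90 days
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits)

def is_complex(password):
    """Rule 1: at least 12 characters with lower case, upper case and digits."""
    return len(password) >= MIN_LENGTH and all(
        any(ch in cls for ch in password) for cls in CLASSES)

def generate_password(length=16):
    """Draw from a CSPRNG until the candidate satisfies rule 1."""
    if length < MIN_LENGTH:
        raise ValueError("length is below the 12-character minimum")
    alphabet = "".join(CLASSES)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if is_complex(candidate):
            return candidate

def audit(vault, today):
    """Return {account: [violated rules]} for a list of credential records."""
    seen = {}
    for entry in vault:
        seen.setdefault(entry["password"], []).append(entry["account"])
    findings = {}
    for entry in vault:
        issues = []
        if not is_complex(entry["password"]):
            issues.append("weak")
        if len(seen[entry["password"]]) > 1:      # same secret on several accounts
            issues.append("reused")
        if (today - entry["changed"]).days > MAX_AGE_DAYS:
            issues.append("stale")
        if issues:
            findings[entry["account"]] = issues
    return findings

# Constructed sample data (hypothetical accounts, not from the article).
SAMPLE_VAULT = [
    {"account": "crm", "password": "123456", "changed": date(2022, 1, 10)},
    {"account": "mail", "password": "Blue7Harbor9Lantern", "changed": date(2022, 5, 2)},
    {"account": "wiki", "password": "Blue7Harbor9Lantern", "changed": date(2022, 5, 20)},
    {"account": "vpn", "password": generate_password(), "changed": date(2022, 5, 30)},
]

if __name__ == "__main__":
    print(audit(SAMPLE_VAULT, today=date(2022, 6, 1)))
```

Run such an audit locally against an export you control and delete the export afterwards, since it holds the passwords in clear text.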
Unauthorised access to your data
In a company, not all data has the same level of confidentiality. Some data is public, some can only be distributed internally, and some is highly sensitive and should only be viewed by a limited number of people.
However, documents and other sensitive files are often saved on the company’s shared network and can be seen by all employees because they are rarely password protected. Who knows what a malicious employee could do with confidential data? In 2018, Amazon fired an employee for selling personal and confidential information to third parties.
According to a recent study by Beyond Identity, nearly one in four employees say they still have access to accounts from their former positions, and more than 41% of those surveyed admit to sharing their work credentials. Not only that, according to a Tessian survey, a third of employees (29%) say they have taken data with them when they leave. Even if the majority of these employees are not malicious, these figures are still alarming and this type of data leakage can damage the company both financially and in terms of image.
To effectively manage your sensitive data, make sure you use digital tools like Wimi that control access and sharing of data. The aim is to ensure that only authorised people can access a particular file by protecting it with a password.
In addition, as soon as an employee leaves the company, his or her access must be revoked immediately.
Whether it’s downloading unsecured software, using a weak password or sending data to a personal account, human error is often at the root of security risks in companies. To protect your data, it is therefore imperative to make your employees aware of the cyber risks in order to limit computer attacks and reduce the costs associated with cybercrime within your company.