3 data security risks that could cost you

Today, the use of applications and software makes our lives easier and improves the way we work on a daily basis. However, this digital transformation does not only have advantages. In the digital age, cybercrime is a real scourge for organizations in all sectors.

At the Cybertech Europe event held in Rome last May, Alessandro Profumo, the CEO of Leonardo, one of the leaders in aeronautics and defense, revealed that the Cybercrime has cost more than 6 trillion dollars (5700 billion euros) worldwide in 2021. With the explosion of remote working and the acceleration of digitization, the number of cyberattacks is constantly increasing and they are becoming more and more sophisticated.

According to the 2021 IBM Cost of a Data Breach Report, the average cost of a cyber attack in 2021 was 4.24 million dollars, which is 10% more than in 2020. Learn what risks can lead to security breaches and cost your business dearly.

Shadow IT

It is the number one cause of cyber risks. As a reminder, shadow IT (or “shadow computing” in French) refers to the installation and use of applications and software by employees without the authorization of the Information Systems Department (DSI). They can also be personal computers or smartphones used when working from home.

The problem is that these digital devices and tools have not been controlled, approved, and secured by IT teams. They can create a security breach and let cybercriminals in. They may also not comply with the security policies put in place by the company regarding the protection and the data sovereignty. The IT department has no control over the use that is made of company data. That is why the use of these digital solutions represents a threat that can harm the organization and cost it dearly.

The solution

For Reduce shadow IT, it is essential to educate your employees because they do not necessarily realize the consequences of their actions. Communicate about the risks of this practice by organizing training and/or conferences on the subject. Also, provide your staff with resources such as a list of approved tools, how to get permission to use a particular software, what security measures are in place, etc.

Poor password management

Did you know that the most used password is “123456"? That's what reveals NordPass in its ranking of the 200 most common passwords in 2021. When it comes to choosing a password, we are all the same: we tend to opt for something simple and easy to remember, and above all we use it for all our accounts (with a few variations), whether for our personal apps or for professional software. Blessed bread for cybercriminals who can hack our accounts in just a few seconds.

According to the 2021 LastPass Password Security Report, 65% of professionals almost always use the same password or variations of it, and 45% of respondents did not change their password, even after a breach.

This type of behavior is alarming for businesses. Weakly protected, their data is vulnerable and easily accessible to hackers. Also according to the IBM report, compromised credentials were responsible for 20% of data breaches, at an average cost per breach of $4.37 million.

The solution

To prevent this security risk, here are three rules to follow when it comes to your passwords:

• use complex passwords (minimum 12 characters, combination of uppercase and lowercase letters and numbers) using a password generator;
• never reuse the same password;
• It is recommended that you change your passwords every 90 days for greater security;
• Use a password manager like Dashlane, Bitwarden, or LastPass to avoid memory lapses and store your passwords securely.

Unauthorized access to your data

In business, not all data has the same level of confidentiality. Some data is public, others can only be shared internally, and still others are very sensitive and should only be viewed by a limited number of people.

However, the documents and others sensitive files are often backed up on the shared network of the company and can be seen by all employees because they are rarely protected by a password. Who knows what a malicious employee could do with confidential data? In 2018, Amazon fired an employee who had sold personal and confidential information to third parties.

According to a recent study by Beyond Identity, nearly one in four employees say they still have access to the accounts of their former positions, and more than 41% of those surveyed admit to having shared their professional credentials. And that's not all, according to a survey by Tessian, a third of employees (29%) say they took data with them when they left. Even if the majority of these employees are not malicious, these figures remain alarming and this type of data leak can be harmful to the company both financially and in terms of image.

The solution

For effectively manage your sensitive data, be sure to use digital tools like Wimi that allow you to control access and sharing of data. The aim is to ensure that only authorized persons can access this or that file by protecting them with a password.

In addition, as soon as an employee leaves the company, their access must be immediately revoked.

To conclude

Downloading insecure software, using a weak password, or sending data to a personal account, human error is often the source of security risks in businesses. To protect your data, it is therefore imperative to Raise awareness among your employees about cyber risks in order to limit computer attacks and reduce the costs associated with cybercrime within your company.