What are the cybersecurity risks in companies? – Computer security is one of the chief concerns of companies worldwide. English companies are no strangers to this situation. According to a study by Allianz, cybersecurity risks in companies are the second most important concern in Spain.
This is related to the impact that the entry into force of the new General Data Protection Regulation (RGPD) meant for companies. For this reason, protecting company and customer data is a concern for organizations.
95% OF CYBERSECURITY INCIDENTS ARE DUE TO HUMAN ERROR
Companies must strengthen their computer security mechanisms and protocols. This awareness stems from recent reports of cyberattacks that occurred last year. According to the National Institute of Cybersecurity (INCIBE), during 2018, it managed nearly 120,000 incidents related to computer attacks on people and organizations in Spain.
Also, in 2018, 95% of cybersecurity incidents were due to human error, according to IBM X-Force. Therefore, companies should not only worry about cybercriminals but also about their employees.
On the other hand, the PwC survey on the state of information security 2018 reveals that companies suffer 3.4 cybersecurity incidents per year. These security incidents worldwide represent losses of 4.8 million dollars.
Thus, 49% of managers recognize that their companies lack a comprehensive IT security strategy. In addition, in Spain, 47% of cyberattacks originate within companies and are carried out by employees or former employees.
WHAT BEHAVIORS CAUSE CYBERSECURITY RISKS IN COMPANIES?
The possibility of a breach of companies’ computer security can be due to external and internal factors. For this reason, it is important to know the behaviors that risk companies’ cybersecurity.
Use of external devices on corporate computers.
The most common case is using external memory devices (USB). Ideally, USBs should be scanned or formatted to prevent malware from infecting corporate computers. Cloud computing services can be an alternative.
Use of Social Networks in corporate teams.
Accessing profiles on social networks, reading messages, or downloading files could put company equipment at risk.
Inappropriate use of company mobile devices.
Accessing corporate email from your mobile and connecting to a public Wi-Fi network can expose customer and company data. The mobile is a device that must be protected. Especially if it is used as a work tool. Therefore, there are MDM services to protect and manage their use.
Leave the teams without blocking or logging out.
The ideal is to configure automatic blocking systems on the company’s equipment. Thus, it will prevent anyone from using them. This includes passwords that are strong with alphanumeric characters.
Download files from personal or corporate emails.
Email continues to be the main channel for cybersecurity risks in companies. Whether from personal or corporate mail, the ideal is that the antivirus analyzes any file download.\
Upload files to the Cloud without encryption.
Although the cloud is a good option for working with corporate files, the documents must be protected. Therefore, encryption is required, regardless of whether free or paid cloud services are used.
Poor management of passwords and permissions.
Here the responsibility is shared between the company and workers. Access permissions to certain corporate information cannot be available to everyone.
Lack of backups.
Making backup copies should be a common practice in the company. Every employee should be used to making a backup as part of her daily tasks. This will prevent total data loss in the event of computer incidents.
We are sending mass emails to clients.
Email marketing campaigns or messages for multiple users are other cybersecurity risks in companies. To do this, you must always use the blind copy so as not to expose the information of the recipient list.
Failure to report incidents or problems with corporate devices.
Any incident should always be reported to those responsible for the company. This will prevent security breaches.