sb-nz logo
Story image

Five security risks faced in the modern workplace - Empired

20 Jan 2020

Article by Empired principal consultant Gavin van Niekerk

The modern workplace sees work and home life co-existing through new technology that diversifies the work environment.

When employees’ workplace is anywhere, staff can enjoy more benefits and flexibility, and can even improve productivity, but it also can put the security of the organisation at risk if there are no proper protections in place.

According to the Australian Government Department of Communications, the average cost of an individual cybersecurity breach to a business is $276,000.

The same study also found that, in 93% of the cybercrime cases reviewed, it took hackers only minutes to breach security systems.

It’s important to be proactive about security and have a solution ready from the start to avoid a potential cyberbreach.

Empired has identified five of the most common security risks:

1.        Phishing
Phishing occurs when cybercriminals trick people into clicking malicious attachments or links, usually sent via an email.

Hackers have become increasingly sophisticated, making phishing emails, links and websites seem extremely realistic but, when people click through, it’s a doorway for hackers to access the employees’ personal and company information as they complete fake forms.

Organisations need to educate employees about the dangers of phishing scams and ensure that systems and software have security measures against these threats.

2.        Unauthorised downloads
Installing unauthorised applications can create security breaches, some of which run scripts that take control of computers or spread viruses onto networks.

Organisations can tell an application is dangerous if they see a pop-up message that advises the security protocols in place cannot verify its authenticity.

However, there may not be any warning, making it easy for users to unwittingly download unauthorised apps.

It is best practice for organisations to select a specific team or a few employees that have administrative access to download applications and require them to research the applications to see if they are legitimate.

3.        Weak passwords
Passwords are a company’s weakest link, and cybercriminals will exploit it. Weak, default or stolen passwords make up 63% of all security breaches.

This is because guessing passwords is usually the first trick of a hacker; it is the easiest way of breaking into a system.

To combat this, organisations should educate all their employees in the need for strong and different passwords.

4.        Lack of remote security
When working remotely, it is crucial for employees to access internal systems and information but, if the device doesn’t have adequate security solutions in place, then it poses a risk to the whole company.

Transferring files from work devices to personal devices, allowing non-company personnel to use company devices, and using a bring-your-own-device with basic-level protection are just some of the loopholes and potential breaches waiting to happen.

Organisational policy around security should prohibit employees from transferring files between company and non-company devices.

5.        Outdated software
Although organisations may find that notifications and system reboots often happen at the most inconvenient times, it’s important to remain vigilant about updating software when the notification first appears.

These updates are pushed through to fix security vulnerabilities.

These vulnerabilities are made public so, when deciding not to run an update, organisations increase the risk of an attack through these known weak spots. Therefore, organisational policy should also mandate that patches and updates should be installed by all employees as soon as they are available.

Organisations should choose a technology platform that was designed for the modern workplace and addresses the security challenges that businesses face.

Furthermore, the chosen platform should offer robust security and advanced threat protection, data loss prevention and encryption, broad-spectrum threat intelligence, and intelligent compliance solutions.

Story image
DDoS attacks a wake up call for complacent businesses - Imperva
When distributed denial of service attacks created mayhem around the world in August, they left many organisations scrambling to protect themselves.More
Link image
How to head off a rise in DDoS attacks
Many businesses invest in costly DDoS mitigation and protection solutions, but few test them. NCC Group tests all environments and is one of only two AWS DDoS Test Partners. Claim 10% off your next DDoS service today.More
Story image
Acronis launches data centre in Auckland
It is the first of 111 planned new data centres globally, allowing for the benefits of data localisation, including regional data sovereignty. More
Story image
How to address cyber-threats as a strategic risk
Becoming a cyber-secure organisation in the face of an evolving threat landscape requires a strategic, business-focused approach to security as opposed to a tactical approach in which security is addressed simply by implementing new tools.More
Story image
Microsoft: Digital transformation doesn't make SMEs immune to cyber threats
Ricky Kapur warns that despite digital transformation every business is at risk - no matter how large or small they are.More
Story image
Cisco report: Remote working is here to stay, making cybersecurity a top priority
"With this new way of working here to stay and organisations looking to increase their investment in cybersecurity, there’s a unique opportunity to transform the way we approach security as an industry to better meet the needs of our customers and end-users.”More