SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image

Five security risks faced in the modern workplace - Empired

The modern workplace sees work and home life co-existing through new technology that diversifies the work environment.

When employees' workplace is anywhere, staff can enjoy more benefits and flexibility, and can even improve productivity, but it also can put the security of the organisation at risk if there are no proper protections in place.

According to the Australian Government Department of Communications, the average cost of an individual cybersecurity breach to a business is $276,000.

The same study also found that, in 93% of the cybercrime cases reviewed, it took hackers only minutes to breach security systems.

It's important to be proactive about security and have a solution ready from the start to avoid a potential cyberbreach.

Empired has identified five of the most common security risks:

1.        Phishing
Phishing occurs when cybercriminals trick people into clicking malicious attachments or links, usually sent via an email.

Hackers have become increasingly sophisticated, making phishing emails, links and websites seem extremely realistic but, when people click through, it's a doorway for hackers to access the employees' personal and company information as they complete fake forms.

Organisations need to educate employees about the dangers of phishing scams and ensure that systems and software have security measures against these threats.

2.        Unauthorised downloads
Installing unauthorised applications can create security breaches, some of which run scripts that take control of computers or spread viruses onto networks.

Organisations can tell an application is dangerous if they see a pop-up message that advises the security protocols in place cannot verify its authenticity.

However, there may not be any warning, making it easy for users to unwittingly download unauthorised apps.

It is best practice for organisations to select a specific team or a few employees that have administrative access to download applications and require them to research the applications to see if they are legitimate.

3.        Weak passwords
Passwords are a company's weakest link, and cybercriminals will exploit it. Weak, default or stolen passwords make up 63% of all security breaches.

This is because guessing passwords is usually the first trick of a hacker; it is the easiest way of breaking into a system.

To combat this, organisations should educate all their employees in the need for strong and different passwords.

4.        Lack of remote security
When working remotely, it is crucial for employees to access internal systems and information but, if the device doesn't have adequate security solutions in place, then it poses a risk to the whole company.

Transferring files from work devices to personal devices, allowing non-company personnel to use company devices, and using a bring-your-own-device with basic-level protection are just some of the loopholes and potential breaches waiting to happen.

Organisational policy around security should prohibit employees from transferring files between company and non-company devices.

5.        Outdated software
Although organisations may find that notifications and system reboots often happen at the most inconvenient times, it's important to remain vigilant about updating software when the notification first appears.

These updates are pushed through to fix security vulnerabilities.

These vulnerabilities are made public so, when deciding not to run an update, organisations increase the risk of an attack through these known weak spots. Therefore, organisational policy should also mandate that patches and updates should be installed by all employees as soon as they are available.

Organisations should choose a technology platform that was designed for the modern workplace and addresses the security challenges that businesses face.

Furthermore, the chosen platform should offer robust security and advanced threat protection, data loss prevention and encryption, broad-spectrum threat intelligence, and intelligent compliance solutions.

Follow us on: