Consider this: recent studies of cybersecurity place the percentage of data breaches caused by employee error between 88 and 95%.
“One in four such employees lose their job within about a year, even though more than half of employees fall for a phishing email because the attacker impersonated a senior executive at the company,” according to the Security Today article.
Shockingly unpredictable shifts in the global economy have occurred in the past few years, and the speed of innovation suggests that the next few years will produce even greater change. The rate and ease at which business can now be conducted have opened the doors of the world, even to the smallest of companies. Opportunity abounds in the global marketplace, but so does risk.
Remote Work Reveals Weaknesses
This is all exacerbated now that hybrid and remote work has become a trend in the last few years. According to a recent Gallup poll, the percentage of remote workers pre-pandemic hovered around 8%, and in 2022 that number rose to nearly 40%. Now, for 2023 and beyond, roughly a quarter of the working population is projected to work remotely.
Some companies have abandoned brick-and-mortar operations entirely, opting for the collective freedom of remote work, which expands the candidate pool and slices off a chunk of cost in building leases and maintenance.
But, as in all things, there are opportunity costs. While studies of organizational communication and employee retention regarding in-office versus remote work will no doubt continue into the coming decades, there is one aspect of the remote worker surge that is not debated: remote workers leave companies significantly more vulnerable in the digital realm, just as the cost of recovering from cybercrime is increasing exponentially.
Unsafe Wi-Fi Networks
In every airport or coffee shop, there are open laptops with keys clicking, and employees blissfully unaware of the danger to their personal information and to their company’s data. You see, free Wi-Fi equals risk. Hackers basically set up shop in networks that have high volumes of users and easy ways to infiltrate devices, using code and apps they’ve created. When hackers infect a public Wi-Fi network, they can then poison all devices that connect with it and intercept information.
“Once they’re in through an unsecured network, they can piggyback into your company data to their heart’s content,” according to Inc.
Types of Malware
Malware is an umbrella term that the National Institute of Standards and Technology defines as “Software or firmware intended to perform an unauthorized process that will have adverse impacts on the confidentiality, integrity, or availability of a system.” Malware comes in many guises that allow for spying and data (or even monetary) theft.
Viruses: A type of malware that remains dormant until its host file is executed.
Worms: Often the most destructive kind of malware, worms can replicate without any human trigger.
Trojan Horses: Common and dangerous, the Trojan Horse is disguised as a legitimate program, often hidden as an attachment in an email or a free-to-download file.
“Once downloaded, the malicious code will execute the task the attacker designed it for, such as gain backdoor access to corporate systems, spy on users’ online activity, or steal sensitive data,” according to Fortinet.
Using Personal Devices for Work Tasks
BYOD (Bring Your Own Device) has become a trend in the workplace, particularly for small and medium-sized businesses. It typically proves most cost-effective to compensate employees for the use of their laptops and cellphones rather than invest in new work-only devices for staff. However, this comes with an abundance of security concerns. Often, employees are unaware of the necessity of anti-virus and firewall updates, and ignoring those updates leaves a “welcome” mat at the entrance and the door open for hackers. Further, as explained by Inc., devices that are light and portable can easily be stolen.
“Once out of your employee’s hands, not even encrypted data or device-locking passwords can keep experienced hackers out,” according to the article.
Using Weak Passwords
Painfully obvious passwords are a common weak link that allows for system infiltration. According to a recent Avast survey, 83% of Americans use weak passwords, with some of the most common examples being “Qwerty”, “password”, and “12345”. Others are built around the user’s name or a family member’s name, their pet’s name, their birthday, words centered on their hobby, and part of their home address.
Verizon’s 2022 Data Breach Investigations Report found that 81% of hacking-related data breaches were a result of stolen and/or weak passwords that often ignored the suggestion to include at least 10 characters, numbers, special characters, or upper- and lower-case letters.
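The checks this section describes, as an added example that is not part of the original article: a Python screen that applies the length and character suggestions quoted above and also rejects passwords built on the common examples or on personal details. The `personal_tokens` parameter and the three-entry common list are assumptions made for illustration, and the block treats every one of the suggestions as required.

```python
import re

# The three examples named in the article; a real deployment would load a
# much larger breached-password list (assumption, not from the article).
COMMON_PASSWORDS = {"qwerty", "password", "12345"}
MIN_LENGTH = 10  # the "at least 10 characters" suggestion quoted above


def _core(text):
    """Lowercase and strip everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def password_weaknesses(password, personal_tokens=()):
    """Return a list of reasons the password is weak (empty list = passes).

    personal_tokens is a hypothetical parameter: strings the account owner
    supplied elsewhere (names, pet, birthday, hobby, street address).
    """
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("shorter than 10 characters")
    if not re.search(r"\d", password):
        reasons.append("no number")
    if not re.search(r"[^A-Za-z0-9]", password):
        reasons.append("no special character")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        reasons.append("not mixed upper- and lower-case")

    core = _core(password)
    # Catch decorated variants such as "Password1!" or "Qwerty2023": remove
    # digits around the word, or letters around the number, then compare.
    if {core, core.strip("0123456789"), re.sub(r"[a-z]", "", core)} & COMMON_PASSWORDS:
        reasons.append("based on a common password")

    for token in personal_tokens:
        t = _core(token)
        if len(t) >= 3 and t in core:
            reasons.append(f"contains personal detail: {token}")
    return reasons
```

A password such as "Password1!" satisfies every length and character rule yet is still reported, which is why the common-password and personal-detail checks sit alongside the complexity rules.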
Sharing Unencrypted Files
Think of the abundance of sensitive information even the smallest businesses guard: social security numbers, customer and vendor data, credit card and bank information. This sort of data is necessary for conducting business, but also incredibly valuable to hackers. While the digital workspace demands ease of access to files for collaboration, this comes at incredible risk. Secure file sharing and encrypted files/emails are essential to safeguard sensitive information that would prove destructive (and lucrative) in the wrong hands.
It's Never Too Soon to Step Up Security
The cybersecurity sector, from government entities to private companies, has been pushing education about the threats posed by data breaches. Business leaders are beginning to realize that ignoring the problem (and not properly budgeting for security) is counterproductive at best and destructive at worst, liable to undermine the years of effort invested in building a business.
The painful and brutal truth is that damage done from a data breach is not easily overcome; some companies crumble, others suffer such extensive damage they limp along for years with hope that they will one day heal. Ask anyone in the field or any business owner who has experienced a data breach and the answer will be the same: prevention is worth its weight in gold. Schedule a thorough security assessment, regularly communicate with employees about how they can protect company information, and don’t hesitate to reach out to experts like Horizon Helix when you have any questions. It’s a dangerous digital world out there, and we are here to help you navigate it.