This article is intended for anyone who is responsible for data and information security in an organization. If you are working out how to identify the main information security threats in your organization, take a look at the following text. It will give you a basic orientation.
What to take away in a nutshell? What the statistics say.
- According to statistics, information-illiterate, untrained people cause 80% of problems. Technical measures will solve only 20%. So give your people at least basic information literacy training and explain basic cyber threats. It will save you most of the trouble.
- Pay attention to the onboarding and offboarding of employees, assigning and removing permissions to the data or access to company premises.
- Watch out for the people inside your company. Most information leaks through them, not through attacks from the outside environment
- A basic element of data protection is data backup
The most common threats to your data
We list the most common reasons and causes of why companies lose their data, information and valuable knowledge and what most often threatens them. It's not just cyber attacks, it's a number of other situations that can cause you to lose your information or get it into the wrong hands, causing you trouble, paying a fine, or even endangering your existence.
Failure of disks and other data carriers or other hardware
- Disk failure is also a very common cause of data loss
- The likelihood depends on the quality and age of your computers and their drives. The older they are, the more likely it is. The usual lifespan of hardware is 3-5 years
- It is therefore important to monitor the lifespan and warranty of your IT components
- The cause doesn't have to be old age; it can also be an accident. You surely know the situation: you or someone you know dropped a mobile phone in water and lost everything
- When a natural disaster strikes, the damage is usually enormous. It usually destroys everything: equipment, data, infrastructure, premises.
- A fire, flood, earthquake or hurricane can totally destroy everything.
- The only way to properly protect yourself is to back up to another location
Unwanted data deletion
- Unwanted and unintentional deletion of data is one of the frequent reasons why a company loses some data or information
- It can be a click that a person doesn't even notice, and the deletion will then go unnoticed. Very dangerous.
Malicious employee behavior
- Malicious behavior of your employees is one of the most under-appreciated sources of problems and is a greater threat than external attacks
- Deliberate deletion of data or disclosure of sensitive information can cause enormous damage
- This also includes physical theft of computers, mobile phones or other IT equipment
- It may involve unauthorized wiretapping and espionage
- This also includes misuse or impersonation to gain access to areas or data to which they are not entitled
- In addition to technical means, attackers often use social engineering methods
- Theft of confidential information
Attacks from outside
- They are similar to harmful employee behavior, but are carried out
- Technical attacks (ransomware, DDoS attacks, etc.)
- Also using social engineering methods
- Identity theft
How the threats can harm you
- Disruption of your functioning. You will lose the data and information you need to function and make decisions
- Penalties for data breaches, or for losing data that you are required by law to keep
- Losing the trust of your customers
- Brand damage and reputational risk
Processes and situations that are the most common source of threats
- Opening emails and visiting infected websites are the most common sources of infection or cyber attack
- Employee offboarding - if you do not cancel a departing employee's access to your information, it is a big security problem. They can still use your data, apps and so on, and can misuse them or betray you.
- Onboarding - There is a lot to keep in mind when onboarding a new employee. If you don't vet a new employee, they may turn out to do harm. If you do not familiarize them with the procedures, they may make an unintentional mistake. If you don't give them the right permissions or keys, they may have access to somewhere they shouldn't
- Changes in job position and authorization are also very often a process where problems arise. The employee transfers to a new job and you do not change their authorization. You forget that they had the old keys, and they can still use them.
- Issuance of keys and access to premises and rooms applies to all the above situations, both when starting and when changing jobs within the company
- Papers with information left on the table. A very common situation where people unknowingly leave freely accessible information on their desks. They can be abused either by colleagues or, for example, by a cleaning company. Watch out for that.
- Freely accessible files in the office or in a cabinet. If you have sensitive information on file, it should at least be in a locked cabinet or in a locked office without the possibility of access by unauthorized persons
- An unlocked computer is a similar situation to the previous one. You have sensitive information on your computer and anyone can access it.
- Confidential information on a shared drive or unprotected cloud storage. Shared drives are a huge source of information. If sensitive information is unprotected on them, it is easy to steal and abuse
The most common measures to protect against information threats
- Backup is the foundation for being able to recover data in case of any problem
- Education and awareness of employees can help prevent unwanted situations. Uneducated employees cause 80% of problems
- Encryption can help, but it's not a cure-all
- Monitoring can help detect malicious behavior by employees or outside attackers
- Controlled access processes will help control who has access to where