With rapid digitization of the Philippines in the past year fueled by the pandemic, more and more cybersecurity threats emerge and threaten the integrity of the data in your company. In this blog we take on the 10 Data Risks that Could Affect your Company in 2021.
- Accidental Sharing of Information
- Lack of IT Support
- Employee Data Theft
- Bad Password Hygiene
- Too Much Data Access
- Phishing Emails
- An Organization’s Denial
Accidental Sharing of Information
Not all data losses can be attributed to cyber criminals stealing your information, in fact, in a study conducted by Shred-it in 2018, more than 40% of Senior Executives and small business owners have reported that the root cause of their data breaches are employee negligence or accidental loss.
With the recent pandemic forcing businesses to implement remote work setups for their employees, accidental data breaches are higher than ever! With that being said, orienting employees with best practices to keep your data safe would be at your best interests. You can check out our recent webinar that talks about ensuring data privacy in a remote work environment here.
Lack of IT Support
Some companies have minimal to no IT support, given this scenario, it will be difficult to identify and eliminate data risks that might affect your company.
If you have minimal IT support, or limited manpower in IT, it would most likely lead to work overload of your Cybersecurity teams. According to a research conducted by the Goldsmiths of the University of London; 64% of cybersecurity professionals have considered quitting their jobs due to the amounting pressure that they face on a day-to-day basis.
It would be really smart to hire and have strong IT support that would manage and support your company’s systems and data processes. One of the things that an IT support can do for you is to have email quarantine, when your employee accidentally sends an email with sensitive information, it will automatically quarantine that email to prevent accidental data leaks.
Employee Data Theft
When most companies think about data risks, they would probably think about external cybersecurity threats.
However according to a report by Verizon, they found that 57% of data breaches include insider threats and the majority of those (61%) are employees who do not hold leadership positions when they compromise company data.
So, it is a best practice that companies have safeguards and security for insider threats to ensure that they minimize data breaches and possible damages that are caused by their employees’ who might be planning to leak your company data.
Ransomware is the term used to describe a malware that uses encryption to hold a victim’s information at a ransom. An organization’s data would be encrypted and they would not be able to access the particular data being held.
There is a real threat of ransomware and in fact, the average amount of ransom demanded has more than doubled in the year 2019 reported by ZDNet.
Companies need to start having better and stronger security measures against ransomware attacks.
Bad Password Hygiene
A study released by Google in 2019 estimated that 1.5% of all login information used across the web are vulnerable to credential stuffing attacks due to the fact that it’s being disclosed in data breaches.
Using anonymous statistics collected during February 5 - March 4, 2019, Google found that out of the 21,177,237 login credentials, 1.5% of those were found in data breaches.
With many people using redundant or easy to guess passwords, it can be used to access sensitive company information even though it is using a secure network.
Your company’s data and intellectual property are very valuable and in isolated cases, your employees can be bribed for this information.
In 2018, Amazon investigated suspected data leaks and bribes of its employees as the e-commerce giant fights to root out fake reviews and other seller scams off of its platform.
Meanwhile in 2019, AT&T found that their employees took bribes in order to unlock millions of smartphones and to install malware along with unauthorized hardware on the company’s network.
Too Much Data Access
Your company’s data is one of the most important and valuable assets and it should be protected and treated like that.
Your company’s data access should be a need-to-know basis to minimize the exposure and risk of accidental or unauthorized use.
In a study found by Insights for Professionals, 71% of end users said that they often have had access to data that they shouldn’t see while 80% of IT professionals believed that their firms didn't have a data model that enforces a strict data access protection.
Phishing emails are on the rise and have increased by 250% in the year of 2019. With the fast advancement of technology, scammers who are choosing to run phishing attacks have stepped up their game as well.
Despite companies doing their best efforts to prevent these phishing attacks, some phishing emails would still find their way into employees emails and result in a data breach.
It’s at the company's interests to establish protocols and safeguards for suspicious emails and regulate the way their employees interact with these.
In a study found in 2019 by scmagazine, email addresses and passwords are in high demands by cybercriminals and these types of data are the primary ones stolen in 70% and 64% of breaches respectively.
These types of data can be used to form and launch more diversified attacks and can be used to impersonate a person or an employee. If your email and password falls into the wrong hands it can be used to extract sensitive company or personal information that can compromise and damage your company.
Every company in the Philippines should be aware how their data can be stolen and be used against them.
An Organization’s Denial
Today, an organization’s denial to the technological advancements that are happening today and the increasing financially motivated cybercrimes in our country can be very dangerous if not addressed properly.
All companies should be aware and must have secure measures that would prevent cybersecurity attacks to their company and their employees.
Want to know how to divert cyber security risks and minimize data breaches? Learn the ins and outs of the Data Privacy Act in the Philippines and be a DPA Certified Advocate!
Register with this link to get Certified!
Want to know how our Sprout Products help minimize our client’s data risks and breaches? Click here!