As anti-epidemic measures are loosened and people return to the office, it is good to be reminded of the risks to the security of corporate facilities and computer networks.
“Although these are recurring mistakes that computer experts regularly warn about, people are unteachable and often seriously compromise company systems and data in an effort to simplify their work,” warns Josef Havel, senior security analyst at IT company Integra Czech Republic.
We have selected the seven biggest cyber security offences and ranked them in order of severity. The overview table offers not only an explanation of what we’re at risk of by not taking precautions – but also a look at the most common motives for human indiscipline: often it’s a seemingly small matter.
Computer expert Josef Havel explicitly warns against using online services for which you do not have to pay. “When someone offers a service ‘for free’, they are usually trying to make money anyway. We should think if we are not paying with our data or security,” he warns.
| What not to do | What could happen | And why do people do it? | |
| 1 | use company facilities for private purposes | Private activities can compromise stored company data. We often open various “funny” attachments, visit links sent to us by friends. We want to run non-corporate software that we use. And so we can plant a Trojan horse on our computer that will send our company data to our competitors, for example. | People often deal with private matters during the working day. After all, we have to respond immediately to our friends when they send us a joke, a situation, share photos from the weekend because we didn’t make it home in the evening… |
| 2 | work with company data and systems on private computers (especially CRM, email) | The security of private devices (computers, mobile phones, tablets…) is almost never given the same attention as corporate devices. They can be infected with malware and send data to attackers, collect passwords we enter, etc. | In the evening we want to do some work at home, but we don’t want to take our laptop out of our backpack when we have our home computer on our desk. Often better than the company one. It’s more convenient to have everything in one device. But on a personal computer, company data usually remains even after the employee leaves the company. |
| 3 | disclose our login credentials (in particular passwords) to company devices and systems to anyone inside or outside the company | Anything we do after we log into a computer or information system, we are responsible for. By logging in, we tell the system that we are working with it. We don’t want strangers sending messages from our email to harm us. | We need something from a computer or email colleague who is away at the moment. We’ll call her and she’ll give us her password so we can download what we need. If she uses the same password elsewhere, we can get there too (private email, social networking, etc.). |
| 4 | use the same passwords for company systems that we use for applications outside the company | We often use the same passwords in multiple places. We put passwords in different e-shops, applications, etc. The password is hidden behind asterisks, but this is just so that the person standing next to us can’t see our password. It is always sent to the server as we type it. There is no problem for application operators to collect and store passwords. If we have the same password for other systems, then it is no problem for such a password collector to log in to our email, for example. | It is convenient to use and remember only one password that we use everywhere. |
| 5 | insert non-company USB peripherals (especially flash drives, portable hard drives, etc.) into company devices | A flash drive or portable drive doesn’t just have to contain malware that we can manually run from it. Such a malicious flash drive can also act as a keyboard, and the malicious software can run itself without us noticing. It can then easily send all our passwords or data to the attacker. | Often, out of curiosity, people stick a flash drive into their computer that they have lying around or have found. For example, if it contains a file called “employee_rewards.xls”, they are happy to open the file with the hacker’s attack code. |
| 6 | Install and run any software on company devices that has not been officially installed and approved by management and the IT department | Every piece of software we run on our computer or phone affects the performance and stability of the system. The software we run must be trustworthy and must not send any information from our system. In addition, the uniformity of the software we use also simplifies the management of our devices. If we have a problem with our computer, we contact support, who knows what is installed on the system and how it is set up, so they can solve the problem faster and better. The fewer applications we have on the computer, the faster the system works and we can concentrate on the essentials. | We’re used to using a program at home that we know will make our work easier. We don’t worry that the company hasn’t bought it, we download a crack (often containing malware). |
| 7 | use unapproved 3rd party services (freemails, clouds…) | When we upload and write data to third-party applications, we usually do not know who has access to the data, where it is stored, how it is secured and what terms we have agreed to when using the application. Particularly dangerous is the use of various online pdf -> docx, jpg -> pdf converters, etc., where we have no idea who is saving and viewing our documents. | My colleague and I need to work on one document, but we don’t have any company software that can do this. We simply upload the data to our private Google account and work with it there. |
For further information, or if you would like to receive similar messages, please contact:
Jana Nečasová, Marketing Specialist, tel. (+420) 731 447 494 or email necasova@integra.cz
Zdeněk Fekar, media representative, tel. (+420) 775 599 024 or email zdenek@evox.space
