As an employee, you are a valuable target for attackers. Follow these safe computing tips to protect your workplace against some of the most common cybersecurity risks.
Safe Computing Tip #1 – Understand Your Role in Corporate Cybersecurity
As an employee, you are your company's first line of defense against cybersecurity threats. While IT administrators will do everything they can to make your day-to-day work experience as secure as possible, it is ultimately your responsibility to practice safe computing in the workplace.
The 2020 Verizon Data Breach Investigations Report found that 30% of all data breaches involved internal actors. 37% of these breaches were caused by stolen or compromised credentials, 22% by errors, and 8% by misuse of authorized users. By learning all you can, following corporate security policies, and following our safe computing tips you can help protect your organization against IT security vulnerabilities.
Cybersecurity Culture Tips for Employees:
- Understand and follow all company policies regarding data security and confidentiality.
- Be an advocate for safe computing in your workplace by explaining the purpose of your organization's cybersecurity practices to your coworkers and demonstrating the best practices.
- Help bridge the gap between IT security and employee productivity by informing your manager about any security-related frustrations your coworkers have.
Shadow IT – also known as Stealth IT, Client IT, or Fake IT – is any system, solution, or software you use for work without the knowledge and approval of your IT department.
Shadow IT poses a unique threat to cybersecurity as the technologies are not under the control of the IT department. These applications, Software-as-a-Service (SaaS) products, and other shadow technologies put corporate data at risk because they are not being appropriately secured.
Examples of Shadow IT:
- Transferring corporate data to personally managed cloud storage accounts and USB storage devices
- Signing up for corporate SaaS accounts without approval of the IT department
- Using personal devices for work purposes without a formal Bring Your Own Device policy
- Using unofficial communication tools for work (Slack, Discord, etc)
A personal cloud storage account, for example, could be used to transfer work-related files to a coworker. However, if that data falls under a protected class such as personally identifiable information (PII), then your ability to access that data outside of work would be a violation of corporate and regulatory data security compliance standards.
Shadow IT Cybersecurity Tips for Employees:
- Do not use unapproved technology in the workplace.
- Encourage your coworkers to use officially supported solutions.
- If a particular shadow technology fulfills a highly desired need in the workplace, advocate for its official adoption.
- Report suspected shadow IT usage to your IT admin or manager.