We will be happy to advise you!

Hotline:
+49 (0) 40 38 90 710

E-mail:
info@secion.de

Contact form

Four out of ten employees do not pay attention to IT security in the office

by

Reading time: minutes ( words)
IT security in the office: employees are often careless

The biggest threats to corporate IT security

In surveys and analyses, the top 3 biggest IT threats to businesses regularly include people, malware and a data breach. This shows that digital systems only provide as much security as the user allows. Malware threats or a data breach are also often the result of an employee's faulty actions. These are, for example, a forgotten data backup or the attachment of an e-mail that was opened carelessly.


In this context, it is interesting to note that users behave differently in private than in the office. In a survey, over 52 percent stated that they exercise more caution on their home computer than at their workplace in the company. Nearly 40 percent said they are least careful at the office.


The reasons for this lie in an incorrect or lack of understanding of the threats lurking in the digital space. At home, on the other hand, users are well aware of the consequences if cybercriminals get hold of their own online banking access data, for example. In the office, on the other hand, employees trust that the company's own IT security will guarantee security. Employees also assume that if their own PC fails, for example due to malware, replacing their own computer will be enough to fix the problem. Many are simply unaware that hackers use access to one computer to infiltrate the entire network. Accordingly, this group of employees is careless when it comes to IT security.

What measures are suitable for preventing and responding to this situation?

The key challenge in this situation is to train employees better. The absolute majority of careless employees are not careless about IT security out of malicious intent, but simply out of ignorance.


So the task of management as well as IT security is to make every employee part of the security strategy. This can be conveyed within the framework of training courses and advanced training on the subject of IT security. Only when employees understand what threats exist and what damage they pose will an awareness of IT security develop.


An important part of training continues to be informing employees about the specific threats. Many employees generate cyber incidents because they are not adequately trained in the use of digital systems. Social engineering and phishing are just two of the many threats that employees need to be aware of. Concrete examples can be used to show what a dangerous mail attachment looks like.


Clear rules are also helpful in minimizing cyber threats. If there are no guidelines on what information employees are allowed to give out by phone or mail, cybercriminals can always extract data.


In addition, it is essential that IT Security has the proper tools to identify any security breaches as quickly as possible. This is where many companies and IT security departments continue to have gaps. Active cybersecurity systems, primarily early attack detection, are the appropriate means to ensure a high level of security.


Attack early detection identifies unusual actions that indicate activity by hackers. These are, for example, accesses from command and control servers after an employee has accidentally executed an infected mail attachment. But employees who act as internal perpetrators and transfer confidential data to servers outside the network, for example, also trigger an alarm during early attack detection. Because the system sends these alerts immediately after the incident, IT Security has the ability to respond to these scenarios without delay. Security breaches can thus be stopped directly and damage is averted from the company.


Other helpful measures include precautions that directly prevent or make impossible damage caused by employees' careless actions. This includes, for example, the introduction of an internal communication platform such as Microsoft Teams. This separates internal communication from e-mail, where criminals repeatedly impersonate company employees to tap data or launch phishing attempts. It also makes sense to use group policies and access restrictions to limit the scope of user accounts to the bare minimum. It is also helpful to disable ActiveX controls in the corporate network, as these are often the target for malicious code.

Conclusion on IT security in everyday office life

Once again, surveys and statistics show that IT threats to corporate networks come from all directions. So companies that focus exclusively on external threats have major gaps in their cyber defenses.


The key to a high level of security in IT is a security strategy that takes all potential sources of danger into account. This includes the company's own employees. Targeted training and security solutions such as early attack detection can significantly increase the level of IT security.


Increasing digitization and dependence on IT make it necessary to adapt the IT security strategy accordingly and to equip IT security adequately.

Need help upgrading your IT security for 2022? Contact us!

By clicking on the "Submit" button, you confirm that you have read our privacy policy. You give your consent to the use of your personal data for the purpose of contacting you by Allgeier secion, Zweigniederlassung der Allgeier CyRis GmbH.

* Mandatory field

Go back

Related articles

Caution, Quishing: Criminals use QR codes for phishing attacks

Caution, Quishing: Criminals use QR codes for phishing attacks

QR codes have been around for almost 30 years. Today, we scan the square codes with our smartphone as a matter of course to release bank orders, create a digital vaccination certificate or retrieve coupons. However, since QR codes are also used by cybercriminals for fraudulent purposes, you should not trust the little squares without limits. You should be especially careful if you receive a QR code via email: A sophisticated phishing attack could be hiding behind it. We show you how to recognize quishing attacks and protect yourself from them.

Black Basta: New findings on the notorious ransomware

Caution, Quishing: Criminals use QR codes for phishing attacks

In early October, the ransomware group Black Basta attacked an IT service provider of the Deutsche Presse-Agentur (dpa), stealing the data records of 1,500 dpa employees as well as pension recipients of the dpa support fund. Two weeks later, the cybercriminals published the first sensitive data of the victims on the darknet. This incident is just one of many attacks associated with the notorious Black Basta ransomware - and there will be many more to come. That's because, as new research shows, the cybercriminals act very similarly to other aggressive hacker groups.

Hacking to listen to: The 5 most popular IT security podcasts from our IT security consultants

Hacking you can listen to: 5 popular IT security podcasts

The cybersecurity industry is more dynamic and rapidly changing than any other sector. Today's insights may already be outdated tomorrow. Because at the same pace as IT security develops new measures to protect IT infrastructure, networks, and endpoints, cyber criminals bring new tools to the market, refine attack methods, or use unknown techniques to successfully carry out cyber attacks. Anyone who wants to stay as well informed as possible in the multi-layered environment is dependent on regular updates. This applies equally to technically interested users and IT staff. One popular source of information in Germany is the podcast. More than 40% of all Germans regularly listen to podcasts - one fifth of them daily. We asked our IT security consultants for recommendations on ethical hacking and present our top 5 most popular cybersecurity podcasts here.