What's the biggest security risk? Have you guessed it? No, it's not the intricacies of BYOD.
- Posting information on social media.
- Opening unexpected attachments through email.
- Sending sensitive files and messages through email.
- Using work email for personal use.
- Easy to guess passwords.
- Passwords written down in plain sight.
- Falling victim to scams and social engineering tactics.
Theses are the most common reasons. These are done unintentionally for the most part.
Update: on a related note, here's an article I wrote covering a few tips on how to avoid becoming a victim of fraud.
Update 2: CIO.com has posted a new article on the 6 biggest business security risks and how you can fight back. You can see a quick glance with my commentary below each one:
- Disgruntled Employees
- Yes, this is important. Misuse of company property isn't only intentional. Insider threats can be accidental.
- Careless or Uninformed Employees
- There we go. I would say this is the biggest one. People not knowing is one thing. People not caring or straight recklessness is even more dangerous.
- Mobile Devices (BYOD)
- Ah yes, the nod to BYOD. You couldn't go through 2008 – 2015 without hearing about this. It's important but largely overblown.
- Cloud Applications
- This one is indeed scary. Not a whole lot is discussed about this and cloud setups have been largely configured incorrectly.
- Unpatched or Unpatchable Devices
- This is the bane of every IT pro out there. You want to keep things updated but it's just not that simple. Even though this relates to technology, this is more of a people problem than it lets on.
- Third-Party Service Providers
- Outsourcing is definitely something that's been trending over the last 6 years. This is a good one since it's basically number 1 and 2, but outside your organization. This one can be especially dangerous. Validation is critical here.