When your security is compromised from within

Even with the best security systems in place, the unpredictability of end users from within your network often weakens security links. Here’s a closer look at end user activities that can create breaks in your security chain, along with tips for prevention.

42%

Although 42% of data breaches are caused by tech errors, human error is still the leading cause, at 58% internationally.2

Possible breaches from local and remote workforces

As the number of devices and locations that employees can work from increases, so does the threat potential. Companies are no longer confined to a single space, but rather, spanning countries and time zones, while our systems are connecting full-time employees, vendors, and contractors through multiple devices. Each new device and end user connected to your network is another entry point for a potential attack.

67%

of IT security practitioners are unable to detect which employees use insecure mobile devices, which puts sensitive data at risk.3


Strengthen your chain:

01

When it’s difficult for employees to access information, end users will try to find ways around IT and security policies to get their jobs done quickly. Enable your workforce to be compliant by providing them with easy access to approved company data and tools across devices, both in the office and remotely.

02

Leverage multi-factor authentication and mobile application management to help prevent unauthorised access to company information.

03

Give your IT team the tools to monitor and remotely identify and resolve issues or to wipe devices when threats arise.


Intentional breaches from within

Unfortunately, employees sometimes purposefully misuse company data. Even small leaks can lead to significant losses.

60%

of employees who leave with secure data do so in hopes of profiting from it in the future.3

71%

of cases of insider misuse target personal and medical information.3


Strengthen your chain:

Strengthen your chain

01

Use tools that can monitor suspicious activity within your network and shut down a user account.

02

Personalise access to specific roles and responsibilities within your organisation.

03

Make it easy for IT to give employees access when they need it and to remove it when they don’t.


When your infrastructure is threatened by external malicious sources

Attacks from outside your organisation with malicious intent are a common cause of security breaches. Methods such as social engineering have existed as long as mankind—and certainly as long as people have been sending emails and browsing the Internet. With increased awareness comes increased creativity from attackers, and even the savviest end user can fall victim.5

3.3

billion credentials were reported stolen in 2016.6

23%

of social engineering phishing attacks are successful due to recipients opening the messages.6

Phishing
Phishing

Redirects users to suspicious URLs that appear legitimate, to steal credentials or other personal information.

Pretexting

Pretexting

Creates a fake scenario to gain user trust in order to steal personal information.

Baiting
Baiting

Infected USB drives or disks are left in public places, in hopes that someone will insert them into a computer. This tactic can also be found on the web in the form of download links.

Tailgating
Tailgating

Attackers gain access to restricted areas by following an employee with proper authentication.

Quid pro quo
Quid pro quo

Promises some kind of benefit for the victim’s information.

Recovering your data, at a price

Ransomware (attackers holding data ransom for a hefty fee) isn’t just increasing in frequency; more victims are also paying to get their data back. Ransomware can be avoided by reverting back to the basics: awareness, education, hygiene, frequent backups, a plan of action, and, certainly, software.


Take a holistic approach to address weak links and strengthen your entire security chain.

Microsoft 365 provides a fully integrated, end-to-end toolkit of defences and addresses every component of your chain of security measures. Choose a trusted, secure, and productive way to work that brings together the best of hardware, software, and network security.