Cybersecurity Mistakes That Could Cost You Your Job
- by Justice Levine
There is never a good time for employees to make mistakes, especially for those whose work involves the cybersecurity of their organization. A recent study found that one in four employees lost their job in the past year after making a mistake that compromised their company’s security.
The same research found people are falling for more advanced phishing scams, and the business stakes for errors are much higher. The security of your company’s email has never been more important, and implementing multiple layers of proactive email protection is critical in preventing damaging security incidents that could potentially cost you your job. This article will discuss employees’ mistakes that have led to termination, how to avoid them, and the proper security measures your company can take to protect against attacks and breaches.
Breaking Down the Numbers: the Latest Cybersecurity Layoff Statistics
The economic downturn and potential recession may lead to more job losses. Over the past year, many cybersecurity companies have announced layoffs due to reorganization strategies stemming from the global economic slowdown. The latest cybersecurity layoff statistics show:
- The U.S. needs nearly 530,000 additional cybersecurity workers to bridge the gap.
- Layoffs are affecting both tech giants and smaller cybersecurity vendor firms.
- In 2022 alone, over 120,000 people have been dismissed from their jobs at some of the most prominent players in tech, including Meta, Amazon, Netflix, and soon Google, as well as smaller firms and startups.
- 34 security firms have announced layoffs or workforce restructuring since the start of 2022.
- Some of the affected cybersecurity firms include OneTrust (950 staff laid off, 25% of employees), Sophos (450, 10%), Lacework (300, 20%), Cybereason (200, 17%), and OwnBackup (170, 17%).
50% of employees reported emailing the wrong person due to the pressure of sending the email quickly, compared to the 34% reported in 2020. Additionally, over 40% of participants stated that distraction and fatigue were the reasons behind falling victim to phishing attacks. More workers blamed fatigue and distraction for their mistakes in the past year, likely due to the shift towards hybrid work.
Mistakes That Could Cost You Your Job
Stress can have a significant impact on cybersecurity behavior, especially in remote or hybrid work environments. A recent survey found nearly half of respondents admitted to sending emails to the wrong recipient due to time constraints. This trend was also influenced by distraction and fatigue.
This problem has been further complicated by the increasing number of collaboration apps used both for internal and external communications. Even if an organization has secured its video conferencing system, the risk surface increases when employees use unapproved applications to place external calls.
Five mistakes that could cost you your job include:
- Failing to keep up with the latest threats and trends: cybersecurity is an ever-evolving field. If you don't stay up to date on the latest threats, attack techniques, and defensive strategies, you risk becoming ineffective and irrelevant.
- Neglecting your professional development: to stay at the top of your field, cybersecurity professionals must constantly improve their knowledge and skills. Failure to do so could hinder your career and leave you behind.
- Not taking security seriously enough: cybersecurity is an essential function of any organization. Failure to take this seriously can have catastrophic consequences such as data breaches, financial losses, or reputational damage. Neglecting this responsibility could lead to disciplinary action or even termination.
- Violating ethical standards: cybersecurity professionals are required to adhere to strict ethical standards in order to maintain the confidentiality, integrity, and availability of data and information systems. Violations of ethical standards, such as sharing or accessing confidential information without permission, can lead to disciplinary action and termination.
- Failing to communicate effectively: communication is an essential skill for cybersecurity professionals. It allows them to communicate complex security concepts with non-technical stakeholders, and to collaborate effectively with different departments. Communication failures can result in misunderstandings, mistakes, delays, or even job losses.
The harsher consequences of mistakes, such as being fired, have led to fewer employees reporting security incidents to IT. As a result, security teams have less visibility of threats within the organization. To build a stronger culture of security, we need to create a transparent, shame-free environment and an employee experience that is positive and secure. Changes in the way we work have increased our exposure to threats. Modernizing security awareness training is necessary to ensure that employees are aware of the risks they face in today's cloud-first environment. Businesses also need to modernize data security and acknowledge that mistakes are bound to happen.
What Corporations Can Do to Minimize Burnout
To encourage open communication and avoid mistakes, it is important for organizations to create a transparent and shame-free environment. When it comes to security, companies should encourage positive security experiences to establish a partnership mindset between security teams and staff. These positive incentives can help combat security cynicism and build stronger security cultures.
Given the impact of stress on cybersecurity behaviors, particularly in remote or hybrid work environments, companies should encourage employees to take regular breaks between virtual meetings or have "meeting without video" days to prevent cognitive overload caused by Zoom fatigue. In addition, smart technology solutions can be implemented to intervene when an error is about to occur, prompting individuals to make safe cybersecurity decisions.
Business leaders should also educate employees about advanced phishing attacks, such as business email compromise and account takeover, as well as new channels through which cybercriminals may target them, such as smishing. Employees who know what to watch out for, why they may be targeted, and what steps to take if something seems suspicious will be better equipped to identify attacks and report them to IT teams with confidence.
You can reduce the impact and cost of an attack by preparing properly. Implementing stronger practices can reduce the likelihood of receiving email threats, and minimize any damage. These practices include:
Enhance Your Email Security Strategy
Many companies believe that endpoint security alone is sufficient to protect their data. While it's a good place to start, endpoint security can't keep up with new threats. It is important to have additional layers of protection, as well as experts who can monitor for issues and mitigate them. This additional protection must be able to adapt to and learn from new threats and give you the information needed to make informed decisions.
Protect Email with Sender Authentication
Sender authentication allows you to verify that an email is indeed from the company or person it claims to be from. This protects your email account against phishing attacks and email fraud. Three standards and protocols are used for sender authentication: SPF, DKIM, and DMARC. SPF prevents people from sending emails pretending to be another person. DKIM verifies that the email received has not been altered or fabricated. DMARC combines SPF with DKIM, giving domain owners greater control over their emails.
Invest in Fully Managed Email Security Services
In order for organizations to protect their business email from advanced attacks, they need a managed email security solution that offers multiple layers of adaptive protection. This solution should be designed to provide protection against specific threats, and the expertise and support required to safeguard sensitive information and detect and stop threats in real-time.
New Phishing Campaign Exploits Cyber Security Tool, Raises Alarms
Cybercriminals have created a new phishing campaign that impersonates Flipper Zero, a popular cyber security tool used by white-hat hackers and penetration testers. Flipper Zero is so widely popular that cybercriminals have created a fake shop pretending to sell Flipper Zero to trick people into giving away their personal information and cryptocurrency payments.
The scam was discovered after three fake Twitter accounts and two fake Flipper Zero stores were spotted. These fake accounts are very similar to the real Flipper Zero accounts, except they use a capital "i" instead of a lowercase "l" in their handle and website. The bogus accounts were responding to tweets, particularly those that asked about the availability of Flipper Zero. The email address listed in the bogus accounts directs users to a fake shop that pretends to sell Flipper Zero at its market price of $199. Victims are asked to provide their email addresses, full names, and shipping addresses, and then pay via cryptocurrency.
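The capital "i" for lowercase "l" swap described above can be caught by folding confusable characters before comparing names. The following is an added example, not part of the original article; the handle `flipperzero` and the sample mentions are constructed for illustration and are not the real or fake account names, and the substitution table is a small hand-picked subset.

```python
# Characters that render alike in many fonts, folded to one canonical form.
# Hand-picked subset for illustration, not the full Unicode confusables list.
CONFUSABLE = {"I": "l", "1": "l", "|": "l", "0": "o", "O": "o"}

# Constructed placeholder for the brand's official handle (assumption).
PROTECTED = ["flipperzero"]

# Constructed sample of handles seen replying to customers.
SAMPLE_HANDLES = ["flipperzero", "fIipperzero", "FlipperZero",
                  "f1ipperzer0", "zeroflipper"]


def skeleton(name):
    """Fold confusable characters so lookalike names compare equal."""
    # Map before lowercasing: capital "I" must become "l", not "i".
    folded = "".join(CONFUSABLE.get(ch, ch) for ch in name).lower()
    # Two-letter sequences that read as one letter.
    return folded.replace("rn", "m").replace("vv", "w")


def find_lookalike(candidate, protected=PROTECTED):
    """Return the protected name that `candidate` imitates, or None."""
    for official in protected:
        # Handles are case-insensitive, so a case-only difference is the real name.
        if candidate.lower() == official.lower():
            return None
    for official in protected:
        if skeleton(candidate) == skeleton(official):
            return official
    return None


def scan(handles, protected=PROTECTED):
    """Return (handle, imitated_name) pairs for every lookalike found."""
    hits = []
    for handle in handles:
        imitated = find_lookalike(handle, protected)
        if imitated is not None:
            hits.append((handle, imitated))
    return hits


if __name__ == "__main__":
    for handle, imitated in scan(SAMPLE_HANDLES):
        print(f"{handle!r} is a lookalike of {imitated!r}")
```

Folding can produce false positives between genuinely different names (for example, names that differ only by "rn" and "m"), so hits are best treated as leads for review.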
Potential customers of Flipper Zero should remain cautious about any online interactions with the company unless they're visiting the official store. Attackers can take control of various devices, including smart home devices, door locks, and security cameras, using the Flipper Zero scam. They can then use these devices to spy on victims or carry out malicious activities.
Additionally, malware can be installed on devices using the Flipper Zero scam, designed to cause harm to the victim’s device and steal data. Attackers can also use the Flipper Zero scam to hijack wireless signals, giving them access to private information transmitted over Wi-Fi networks.
Keep Learning About Cybersecurity Best Practices
To ensure job security and the sanctity of business email, organizations must invest in a proactive, multi-layered email security solution, and employees must engage in cybersecurity best practices, knowing that both the safety of their company and their job are on the line.
- Learn more about effectively protecting your business from ransomware.
- Improve your email security posture to protect against attacks by following best practices.
- Keeping the integrity of your email safe requires securing the cloud with spam filtering and enterprise-grade anti-spam services.
- Get the latest updates on how to stay safe online.