Cybersecurity Mistakes, Some Off-Beam, Get You Fired. Here is Why.

The irony lies in the fact that though companies want their systems secured, security is not their number one priority.

The digital world has opened up our private spaces so much that, there isn’t anything private left. Particularly, sensitive data that IT companies dabble in, on a day-to-day basis, is at utmost risk. That is the reason why every company is now looking forward to hiring cybersecurity experts. The irony lies in the fact that though companies want their systems secured, security is not their number one priority. This is where the role of a cybersecurity expert gets complicated. Trained in cybersecurity strategies, their sole responsibility lies in keeping the company in good cyber-health by constantly monitoring for possible threats and salvaging existing data breaches. Even if they follow company directives to the hilt, there are many instances they might get terminated, just for taking their responsibilities too far. Here is a list of a few scenarios which might cost a cybersecurity expert his job

1. Interrupting core business processes: Cybersecurity experts’ main concerns lie in preventing breaches, for which they may need to disable a few important functions of the business. If this goes against any major business interest of the company, the person should ideally be looking forward to leaving the company.

2. Disrupting CEO’s access to trivial websites or applications: CEOs want everything at the heck of their command. Though unfortunate, it is the truth. They cannot withstand being prevented from accessing even the most irrelevant detail either in the personal or business domain. Be it personal e-mails or random sites one browses, most CEOs cannot stand the idea of trading authority with security. Usually, firewalls are installed to prevent employees from accessing unnecessary websites on the net. Security experts should just remember, that there should be a few exceptions.

3. Taking a sneak-peek into confidential data: Indeed, there is a lot of data that a security expert can access at the click of the mouse, from employee mails to confidential reports, and corporate communication. The responsibility of how much the IT guy can access lies on himself or rather companies’ security guidelines. Instead of having unauthorised access to data, ensure employees have appropriate security keys to protect their valuable information from external and internal breaches.

4. Invading into other’s privacy: Smart workspace is the new normal, with smart gadgets like automatic attendance systems, 360-degree surveillance cams, and smart Wifi scanners. Cybersecurity executives are very likely to have access to every move of all the people working there. Unless under exigencies, this information is meant to be confidential even to the higher authorities. With every access to a record being documented, it is in the best interests of the admin to exercise his power of snooping judiciously.

5. Exploiting real data for testing: For generations, it was synonymous with putting data to use to achieve something functional. Now that, data generation applications are available, using real data for testing isn’t suggested unless the cybersecurity expert is looking for a job change. As the test systems are the favourite for hackers and intruders, the new privacy rules stipulate generating new data.

6. Misusing company’s passwords: When a working password is used over a personal system or over the internet, it gives way to phishing attacks. Apparently, network credentials are very much sought after by hackers, and therefore, ensuring that employees, including cybersecurity experts, do not use passwords over random networks should come as a priority.

7. Misjudging false positives: It is akin to overlooking a security event among many probable events which hold the potential to cause a breach. When Target, a prominent e-commerce company ran its security audit, it found trojan malware installed on its systems. Apparently, the cybersecurity team deemed the login as a false positive, which in other words, is counting the malware as absent. This has cost the company millions of dollars and the security executives their jobs.

8. Fire and forget ANY-ANY condition:  When a system is installed with security ware, there are many firewalls that work towards preventing information to seep in. Initially, firewalls activate the least permissive, deny-by-default mechanism which sometimes comes in the way of working of an application. If the cybersecurity executive suspects the firewall is responsible for it, he might create an “allow ANY ANY” rule, which precisely means asking the firewall to allow every and any kind of information. But at times they forget that this condition has been activated after the issue resolves, giving way to a security breach. If this gap is discovered by an auditor, well and good, otherwise if a hacker happens to find his way through it, the executive might be shown the door.

9. Disregard the practice of changing passwords: Ideally, admin and user passwords have to be changed within 45 to 90 days. When the security expert disregards this norm, it gives way to unauthorised access to the company’s data. Unfortunately, not changing the passwords for admin and user accounts is a norm more than an exception. Often times it happens that admin passwords are automated while other passwords are left unchanged. It leads to discrepancies whenever the automated passwords change, creating a disruption in the workflow.

10. Crying wolf at the hint of a ‘possible’ threat: Indeed, it takes experience skill, and experience to identify a real threat. Companies face thousands of threats out of which only a few turn out to be real and damaging. There is no point in raising a flag for every security threat they get a sense of. Definitely, this tendency will show up in long-term career mobility, if not in immediate removal.

Share This Article

Do the sharing thingy

Comments are closed.