Expert gives advice on data protection in companies

In the era of digital technologies, data leakage is a significant problem for both organizations and ordinary users. Anton Bochkarev, a member of the expert council of the Cyberespionage project, told Izvestia on December 9 about how not to become a victim of malicious hackers.

"For a company, a data leak is one of the most common unacceptable events, that is, an event resulting from a cyberattack that makes it impossible to achieve the operational and strategic goals of the organization or leads to a significant disruption of its core business," Bochkarev notes.

According to him, there has been an increase in the number of cyberattacks in recent years, and many companies have already suffered data breaches. The consequences of such incidents have ranged from financial losses to complete loss of intellectual property. One of the most important tasks of a company is to protect confidential corporate information. In case of data theft, an organization risks losing not only valuable assets, but also damages its main resource - customer trust, and may face potential fines from regulatory authorities.

According to the expert, one of the most common mistakes on the Internet is the use of passwords that are easy to guess or are weak. You should use complex and unique passwords for each of your accounts. In addition, besides passwords, it is recommended to enable two-factor authentication or switch to logging in completely with one-time codes. However, the optimal solution for storing employee passwords would be to utilize corporate password managers.

"The human factor is one of the main causes of cyber risks. Thus, theft of data and its distribution in the public domain can be caused by the lack of necessary skills and especially knowledge of employees of companies to counter phishing attacks," Bochkarev said.

The expert noted that often in the process of work users use their personal or home devices, which may have been previously exposed to hacking and are beyond the control of the company. Ordinary users should avoid this, as using company security features to control such devices is legally unacceptable.

In addition, providing employees with access to more data than is required to perform their tasks increases the risk of information leaks. However, if access is allocated strictly according to the roles and functions of employees, such risks can be significantly reduced. In general, the principle of least privilege should be observed, including network access, which is achieved through quality network segmentation.

"Threats of cyberattacks are extremely relevant for almost any company and part of users. Companies are a higher priority target for attackers, but also the consequences of a hack in organizations can be catastrophic. <...> Therefore, top management needs to be very attentive to cybersecurity, <...> do everything possible to make it difficult for cybercriminals to develop an attack," Bochkarev summarized.

Earlier, on December 4, Igor Bederov, director of the investigation department of T.Hunter, told Izvestia about the danger of the "spoofing" fraud scheme. According to him, this is a type of cyberattack when an attacker masquerades as another person, company or object to gain the trust of the user.