Data Security for Non-IT Staff: A Guide

In today’s digital age, threats to data security are everywhere. The ever-increasing amount of data generated by businesses, coupled with the rise of sophisticated cyberthreats, means that data security is no longer just the responsibility of IT staff. Non-IT team members, from assistants all the way up to the C suite, also play an important role in data protection — especially if they regularly handle sensitive data.

Luckily, you don’t have to be a security expert to keep yourself and your company safe. Our infographic gives non-IT staff a quick overview of the most common cyberthreats and the steps they can take to prevent them.

This accompanying blog post covers the same threats but in a bit more detail, and it delves into two additional threats. Our goal is to help non-IT staff easily understand the top risk areas and take simple steps to protect themselves and their company.

Ten data security risks and solutions for non-IT staff

The world of cybercrime has grown more and more complex, leaving lots of confusion. With threats ranging from phishing to ransomware, from DDos to XSS to plain old human error, it’s increasingly hard to keep track.

Our guide will help you understand not only the top threats but also the steps you need to take to protect your company’s sensitive data from cyberthreats.

1. Phishing

The problem: ‍Phishing attacks are a form of social engineering where an attacker pretends to be a business or trusted colleague in order to trick you into providing them with sensitive data or account credentials.

The solution: Never offer sensitive information, including passwords and financial information, in response to an unsolicited request by phone, email, or text.

2. Compromised or weak credentials

The problem: ‍Usernames and passwords are often easily guessed, putting data at risk of leaks, phishing scams, malware attacks, and more.

The solution: Make sure to create secure passwords, comply with 2FA and MFA security measures, and ask your IT team if they’re regularly monitoring for leaked credentials.

3. Brute force attacks

The problem: As the name implies, brute force attackers will use a large volume of attempts to guess login credentials until they gain access to your system.

The solution: Your IT team is your best defense against this kind of threat, but make sure you’re using strong passwords so your account isn’t the weak link, changing passwords on a regular basis, and using MFA.

4. Misconfigured security settings

The problem: ‍When cloud services like GCP, Azure, and AWS are misconfigured, unauthorized users may access company data and cause costly breaches and leaks.

The solution: Your IT team will need to be vigilant about checking and monitoring your business’s S3 permissions. For your part, make sure you speak up if you notice that someone has access to data or storage locations they shouldn’t.

5. Ransomware

The problem: ‍Ransomware attackers encrypt data and threaten to either withhold the decryption key or, in a double extortion attack, publish it. Their goal is to receive a sizable ransom payment.

The solution: Back up your critical data, don’t click on any links or attachments you don’t recognize, and educate yourself about ransomware with some of these resources from ShardSecure.

6. Insider threats

The problem: ‍Not only disgruntled employees but also careless ones can expose private information, customer data, and company-specific vulnerabilities.

The solution: Be careful of who you divulge information to, never share login credentials, and double check the recipients of any message where you’re sending sensitive data to external parties.

7. Third-party vendors

The problem: ‍Vendors can pose a significant risk to an organization’s data, as in the case of the 2020 attack where 18,000 SolarWinds customers unknowingly downloaded malicious software in a routine update. The attackers went on to compromise a hundred different companies and a dozen government agencies.

The solution: Your security team should have protocols in place to restrict access for third parties, and they may consider implementing a data protection solution like ShardSecure. Regardless, if you’re the point of contact for a vendor, make sure you don’t divulge any sensitive information or grant any unnecessary access.

8. Human error

The problem: We’re all human. Even though we know to be careful, accidents happen, and everyone makes mistakes at some point. Some of those accidents, however, can have significant consequences for data privacy and security.

The solution: Read up on the scale of human error — it might surprise you — and make sure to immediately report any security errors to your team. After all, owning up to an accident quickly can make all the difference in successful incident response.

9. Malware

The problem: One of the most common attack vectors, malware includes viruses, worms, trojans, and more. Many of these threats enter a system via email attachments and then pretend to be a legitimate program so they can wreak havoc.

The solution: As with ransomware, malware can be prevented by remaining wary of phishing attempts, not clicking suspicious links, and keeping your devices and software updated.

10. Other threats

The problem: Unfortunately, we’ve just scratched the surface of the threat landscape. There are also:

• SQL injections, which use malicious programming to get servers to expose confidential information.
• XSS, or cross-site scripting attacks, which add malicious code to a website to infect visitors.
• DDoS, or distributed denial of service attacks, which flood networks or websites with messages to make them crash.
• Man-in-the-middle attacks, which intercept traffic on public WiFi networks to gain and alter valuable information.

The solution: Never click on suspicious links. Use reasonable care and caution with sensitive data. Be on the lookout for anything unusual, and contact your IT team when in doubt.

Data security with ShardSecure

The sheer abundance of digital threats today leaves many organizations at risk. But with caution, knowledge, and the right tools, you can stay well protected.

ShardSecure’s holistic data control platform offers one way to keep organizations safe from a wide variety of security threats. Our technology protects against the impact of ransomware, misconfigurations, outages, human error, and more. We make data unreadable to unauthorized users, and we keep data accurate and available during disruptions to storage locations.

We’re also extremely easy to integrate, with no changes to user workflows. To learn more about how we’re meeting common cyberthreats with strong data security and resilience, check out our resources page today.

Sources

Stop the Snowball: Protect Yourself from Phishing Scams | NSA

Quick-Guide to Secure Passwords | ConnectSafely

Creating and Managing Strong Passwords | CISA

Top 10 Types of Information Security Threats for IT Teams | TechTarget

A ‘Worst Nightmare’ Cyberattack: The Untold Story of the SolarWinds Hack | NPR

What is an Attack Vector? 16 Common Attack Vectors in 2023 | UpGuard

The Ultimate Guide to SQL Injection | EC-Council

Cross Site Scripting (XSS) | OWASP Foundation

What Is a DDoS Attack and How Does It Work | CompTIA

Fact Sheet: Machine-in-the-Middle Attacks | Internet Society

---