5 cybersecurity mistakes that will put your company’s data at risk

Jens Howander, Enfo


Many CEOs and board members are unable to calculate the true cost of a cyber-attack. A lot of companies wait until it’s too late to find out. You’re not worried? Good for you. If you are a bit worried though, here’s our “first line of defense”.

The key to cybersecurity is to always be proactive and have a holistic organizational approach. Be aware of what’s included in your threat landscape. Although there are no cookie-cutter plans that can simply be applied to an organization’s cyber-risk needs, there are some basic principles that can be followed in order to create and maintain a strong security posture.

One of the biggest targets right now is Office 365 credentials. Cybercriminals access a company’s network and can move laterally undetected, trying to locate the treasure trove of data they are looking for. What kind of information we are talking about varies – it could be anything from proprietary information like plans to launch new products to a database full of credit card numbers. When cybercriminals find valuable information, they either sell it on the dark web, or they can use it for internal purposes and make a profit that way.

That’s how it works, in short. Now it’s time to learn from other companies’ mistakes.

Here are my top 5 security mistakes that will get your company hacked

Mistake #1
No training for employees

We believe that the most important thing for a company is training their end users. Before you even log into a computer you should have some basic knowledge regarding cybersecurity, including the company’s acceptable use policy. While companies’ cybersecurity budgets may be increasing, the money is usually spent on technology solutions and not end user training. Teach your employees about the risks and make sure they are aware of current threats. Make user training and awareness a part of the culture within the company and it will pay off in the long run.

Mistake #2
Assuming it can’t happen to you

Don’t be that company. You know the one: the company that says, “It will never happen to us.” Every year the cybersecurity budget comes up for review and every year the money is re-allocated elsewhere. All because you have not had a security incident yet, or you may not even know you have had one already. This is more common than people care to admit. There are lots of ‘what if’ scenarios to throw at senior leadership to get them to understand just how serious the threat is. What if your network was brought down for 3 weeks because of a ransomware attack? What if payroll could not be paid out during that time frame? It’s not just about the loss of data but also the physical damage caused by these cybercriminals and the long-lasting impact it has on an organization. Once again, you must get senior leadership involved and taking this seriously. This is an ongoing battle that will not soon go away.

Mistake #3
Carelessness with social media

Social media can pose several risks to both organizations and individuals when used in an inappropriate or unsafe manner. Today social media is a common way for an adversary to gather information on an organization and its employees, projects and systems. When sensitive or inappropriate information is posted on social media, it has the potential to harm your company’s interests, security or even reputation. Information that appears harmless and related to only one subject could, if collated with other information, have a sizable impact.

Personal information posted on social media can also be used by an adversary. It can be used to develop a detailed profile of an individual’s lifestyle and hobbies. This information could be used in social engineering campaigns aimed at extracting sensitive information from individuals or influencing individuals to compromise an organization’s information systems.

Mistake #4
I got Antivirus, I’m good

Almost every end user we interact with at first believes anti-virus software is enough to keep their sensitive data secure. Cybercriminals are becoming more sophisticated and persistent by the day, which means they’re identifying newer vulnerabilities to exploit – vulnerabilities that cannot be detected with traditional malware prevention methods. As the criminals evolve, so must cybersecurity professionals and our techniques. We use a mixture of continuous monitoring, threat hunting, machine learning and NexGen Antivirus in a very proactive approach.

Mistake #5
Everyday activities could be the backdoor

You must apply common sense in your everyday activities when it comes to security, whether that means parking in the same parking space every day or taking the same route to work. There are certain things you should do from a physical security standpoint. Let’s try not to be so predictable. Consider how easily companies let somebody into the office without proper verification. Maybe we don’t issue visitor badges. Or we don’t escort our visitors out through the door. We also don’t have visitors signing in. How many people leave their computers unlocked or information still written on a whiteboard from a previous meeting? These are simple mistakes with potentially serious consequences. We think every company must have a good review of their daily routines and their end-of-day office sanitation procedures.

We’ve established that we are white hats – working to protect some of the most valuable property companies own – their data. We work hard every day to educate and inform CEOs and board members on the potential dangers of cyber-attacks. Many companies today are working reactively, leaving the momentum to cyber adversaries. You have to get proactive. Please don't hesitate to contact me if you want to know how we can support you.


Jens Howander is a manager in Cybersecurity at Enfo