It can be a daunting and cumbersome task to correctly identify the lurking cyber threats that exist in the everyday office environment… let alone combat them. Enterprises are in a transformative period, as many businesses disrupt their current workflows in their quest to undergo a digital transformation. Yet, with such progressive and rapid change, hidden dangers can loom. And while it can be a common assumption that most serious risks to an organization are from perpetrators outside of the office trying to worm their way in and compromise data, it is actually the potential security vulnerabilities that can hide in plain sight directly in the office environment that can be the most concerning.

In an ongoing mission to help companies in their efforts to proactively protect themselves and close critical gaps that may now exist in their cybersecurity agendas*, Canon U.S.A., Inc. recently commissioned global tech market advisory firm ABI Research to conduct a survey** that explores the top cyber threats facing today’s enterprises.

More than one thousand U.S. IT professionals were surveyed aiming to uncover the key cybersecurity challenges and threats. The study discovered that the majority of participants believed internal threats like malicious insiders (30%) and human error (25%) to be the two top sources of security breaches which, in total, accounted more than external, Internet-based targeted attacks or sources. Additionally, three pertinent cyber-threat sources have been revealed to be at the top of the consideration list for IT professionals:  malware and ransomware, compromised devices, and social engineering.

                                                       Internal threats like malicious insiders (30%) and human error (25%) are believed to be the two top sources of security breaches.

Malware and Ransomware

Somewhat shockingly, while more than one-third of respondents consider malware and ransomware a first priority threat, 25% say that employees have limited to no security awareness, nor do they understand their role in prevention. Put an awareness program in place so employees understand their part in adhering to security standards.

  1. Never pay the ransom. Don’t reward the criminal.
  2. Have a good backup so the restoration of your files can quickly provide access to your data.
  3. Phishers are good at deception and can obtain personal information from employees if they’re not careful. Advise them to be leery of unsolicited emails, text or instant messages.
  4. Maintain a strong firewall and install security software from a proven software company. There are fake antivirus software programs that will install malware.
  5. All incoming emails should pass through a content filter. The filter catches known threats and will give an alert when attacks are lurking in attachments.
  6. Update regularly when relevant patches become available. This is an absolute necessity to prevent infection.
  7. A mobile workforce needs to be especially vigilant. Never use public wireless internet, but rather us a VPN to shield your activity.

Compromised Devices

In today’s digital age, some organizations choose to empower employees with additional enterprise mobility options like remote working. However, the study revealed that 21% of surveyed IT decision-makers rank compromised devices as a priority threat. Work phones, tablets, and laptops all run the risk of cyberattacks. Yet, there is also another indispensable device in the modern office environment that is often overlooked: the office printer. Cybercriminals have begun to spread malware by spoofing printers and scanners. To deter a spoofing attack and protect a printer/scanner/copier here’s what you should do:

  1. Do not open attachments or click on hyperlinks sent by the vendor, without confirming its legitimacy. Call to confirm that it was sent by the vendor.
  2. If you receive an unsolicited email with a hyperlink, hover the mouse over the link to see the domain or if it looks suspicious, regardless if you think it’s coming from a reliable source.
  3. Keep updated antivirus software installed.
  4. Back-up, back-up, back-up! Important information could be lost forever if attacked, so back-up data.
  5. Cybersecurity is ever-evolving and changing. Stay up to date on what is happening in security and the new ways that cybercriminals are taking advantage of businesses.
  6. Make security a priority. Train your employees and invest in the best software

Social Engineering

41% of survey respondents faced social engineering attacks in the past year alone and at that, nearly 50% of high-ranking IT decision-makers believe that threats originating from their own organization, such as human error and malicious insiders, far outweigh external cybersecurity threats like Distributed Denial of Service (DDoS) or targeted attacks. While this may seem frightening, it also seems to signify a great opportunity to help provide employees with the tools necessary to heighten their security readiness and help companies thwart some potential problems.

  1. Do not open any emails from untrusted sources.
  2. Do not give strangers the benefit of the doubt. Attackers prey off human psychology and curiosity.
  3. Lock your laptop when you step away from your desk.
  4. Invest in good anti-virus software.
  5. Keep an up to date privacy policy for your company and ensure that every employee has a copy.

Educating employees to cyberthreats is the first step towards protecting a company from being victimized. 

* * *

Canon arms its enterprise multifunction printers (MFPs) with user authentication and ID access control through its flagship print management solution, uniFLOW, to help monitor employee document workflow activities within an office environment and limit unauthorized individuals from receiving access to information not meant for their eyes. It then extends that effort externally by strategically partnering with notable third party cloud content (Box®) and email management (mxHero™) solutions to help employees share and collaborate in the cloud while using security features.

*Canon products offer certain security features, yet many variables can impact the security of your devices and data.  Canon does not warrant the use of its features will prevent security issues. Some security features may impact functionality/performance; you may want to test these settings in your environment.

Nothing herein should be construed as legal or regulatory advice concerning applicable laws; customers must have their own qualified counsel determine the feasibility of a solution as it relates to regulatory and statutory compliance.

**ABI Research collected the data from 1,015 respondents through an online survey conducted in April 2019.  Respondents included IT decision-makers at the manager-, director- or C-level, from a full spectrum of U.S. companies, ranging from 500 to 5,000 employees, across multiple industries including Financial, Retail, Government, Manufacturing, e-Commerce, and Media, among others.   The survey included 20 questions comprised of Likert-type, rating scale, rank order, and multiple-choice questions with additional options for open-ended answers.