Skip Navigation
BlackBerry ThreatVector Blog

Hey New Guy, Please Don’t Click That Link

As summer ends, so too does that once-in-a-lifetime lull between commencement and a first job. Joining the professional world is exciting and comes with new opportunities and experiences. But it also comes with some added responsibilities as well.

One of these professional responsibilities is following cybersecurity best practices. In today’s world where companies are subject to daily cyberattacks, good security hygiene is a professional imperative and, depending on your industry, a legal and ethical one as well. Trust us when we say that causing a data breach—which costs an average of $3.92 million and often tens of millions more—is not a good first impression.

So, as you head into your very first job, consider these cybersecurity considerations sure to be relevant from day one and beyond.

1.     Beware Phishing Attacks

Although you’ve defeated hundreds of these scams already, corporate phishing attacks are a different beast entirely. In fact, 95% of all attacks on enterprise networks result from  successful spear phishing. These scams pose a particular threat to new hires lacking the context to spot anomalies that would be obvious to more experienced employees.

Imagine, for example, that you receive an email inviting you to a meet-and-greet with top executives. Is that normal? You’re unsure but, not wanting to offend leadership, you immediately click the RSVP link and log in with your credentials. Just like that, your username and password are stolen.

If you think you’d never make such a mistake, think again. A report testing nearly 20,000 people across 144 countries found the average person fell victim to one of every four phishing attempts. In college terms, that’s a passing C but a total F in the cybersecurity realm, where hackers need just one successful opportunity to break in.

So, what can you do to identify a phishing attempt? First, check the actual email address sending you a message; while it may display as John Chairman, the address actually reads john.chairman.lfg@hackingattempturl.com. Second, extend that same concept to website URLs. One phishing scam took users to a perfect copy of the Gmail login portal but with a noticeably different URL. Third, stay calm and take your time if something feels off. That’s especially true if the email tries to create a sense of urgency or panic. Spending an extra few minutes inspecting the email address or running it by a coworker is fine, and your manager will probably praise you for being careful.

2.     Enable Two-Factor Authentication

Let’s pretend, though, that you do succumb to a phishing attack and your password is stolen. Depending on whether you’ve enabled two-factor authentication (2FA), that’s either a serious problem or a minor mistake. With 2FA, users gain an additional layer of control when accessing sensitive systems and data.

That matters in the event of a successful phishing attack, but also as a general cybersecurity best practice because it’s fairly likely your password has been previously stolen. In fact, there are now more stolen records than human beings on Earth. With the majority of people using the same password across accounts, someone may already have access to your brand new corporate login by way of your personal email login.

Interestingly, executives are often the last people to fully implement 2FA safeguards, a problem we previously wrote about and one that BlackBerry 2FA helps solve by supporting all users and devices inside and outside an organization. So, one-up your CEO and set up 2FA for all systems from your very first day.

3.     Practice Secure File Sharing

This is a little trickier because it’s not always something you can control yourself, especially as an entry-level employee. But as an important security consideration throughout your career, it’s worth keeping in mind from day one.

Using freely available file sharing platforms may seem like a simple, innocuous route, but it can come with serious consequences, as we’ve previously noted. Seventy percent of financial services IT professionals, for example, report penalties for compliance failure while 31% report exposing sensitive data to their competition.

Fortunately, secure solutions like BlackBerry Workspaces exist to make content collaboration and file sharing simple and secure. And even if your non-BlackBerry solution is a little more complicated, sacrificing security for ease is never a good trade-off.

We could go on and on about cybersecurity, but the unfortunate reality is awareness and care can only go so far. That’s why BlackBerry is constantly introducing powerful cybersecurity technologies—such as BlackBerry Intelligent Security to integrate context into user access requests—to proactively defend your organization. If you’re lucky, you can utilize these now for a hyper secure working environment.

And if you’re not, we look forward to talking to you in a few short years as you rocket to the top of the business world and place cybersecurity at the forefront of your business strategy! 

About Corporate Communications