Cyberattacks do not always start with some dark-web plot. Sometimes they start with one person making one small mistake. Hackers often count on the fact that most employees will fail to check who can view a document. They suspect many will forward sensitive files without a second glance.
The governance platform Syskit has reported on the minor mistakes people make that have huge consequences. All it takes is one file shared too broadly. One link sent without thinking. One freelancer who still has access long after the project’s over.
When these tiny slip-ups happen (and they do happen), the consequences can be massive, such as:
- Sensitive files exposed.
- Client trust shattered.
- Compliance violations that lead to fines.
- Data breaches that make headlines with your company’s name attached.
The report identifies ten ways an employee might be putting company data at risk, and how to fix them.
You Share a Document, But Have No Idea Who Can Actually See It
That link you grabbed? It might be set to “anyone on the Internet.”
Do this instead: Always check the sharing settings. If you wouldn’t pin it to your office door, don’t share it with “anyone with the link.”
You Never Mark Files as “Confidential”, Even When They Are
That financial report, customer list, or internal roadmap? If you don’t label it properly, your coworkers (and their Copilots, AI tools, and sharing settings) may treat it like just another casual file. Without sensitivity labels, there’s nothing stopping that doc from being shared far too widely.
Do this instead: Use your company’s sensitivity labels (like “Confidential” or “Internal Only”) when sharing or saving important files. Think of it like slapping a “Private” sticker on a folder in the real world, so others know to handle it with care.
You Drop Sensitive Info In Chat Like It’s No Big Deal
“Here’s that password.” “Client SSN is 1234…” Stop. Right. There.
Do this instead: Keep private data out of casual chats. If you wouldn’t say it out loud in a crowded coffee shop, don’t type it into Teams or Slack.
Forwarding Work Files to Your Personal Email
It feels so convenient to just send that document to your personal inbox so you can work on it later. But personal accounts don’t have the same security protections as your company systems, and that makes them an easy target.
Pro tip: Keep work files in company-approved storage. It’s safer for you and your team.
You Forward an Email With Sensitive Attachments Without a Second Thought
One click, and now the budget doc is floating in inbox limbo, maybe forwarded again, maybe downloaded, maybe shared in ways you never imagined.
Do this instead: Before you hit “forward,” ask yourself: does this person actually need these files?
You Use the Same Password for Netflix and Your Work Account
Hackers love password repeats. It’s like using one key for your house, your office, and your car.
Do this instead: Get a password manager. Use unique passwords for everything. And yes, that includes your dog’s Instagram.
You Skip Two-Factor Authentication Because It’s Annoying
“I’ll set it up later.”
Do this instead: Turn on two-factor now. It’s the seatbelt of the digital world, mildly annoying, totally worth it.
You Let Copilot Draft Emails or Documents Without Reviewing What It Pulled In
It feels like magic: type a prompt, and Copilot pulls together a quick draft from your files, chats, and past documents. But here’s the catch. Copilot doesn’t always know what’s confidential or context-specific. It might drop in sensitive details, internal notes, or early versions of documents you didn’t mean to share.
Do this instead: Always review AI-generated drafts carefully. Check the sources it pulled from, and never assume the AI understands what should stay private.
You Assume IT Has Your Back (and Handles All the Risk)
Yes, your IT team works hard, but they can’t stop you from accidentally inviting the world into your shared folder.
Do this instead: Think before you share. Security is a team sport.
You Leave Your Laptop Unlocked While Grabbing Coffee
You step away for “just a second”, but that’s all it takes for someone to peek, snap a photo of your screen, or plug in a USB stick.
Do this instead: Lock your screen every time you walk away (yes, even at home).
