Imagine you work in the HR department for a medium-sized startup. A few days before payday, you receive an email from an external consultant about updates to their bank details. Apart from asking you to invoice them to their new bank account, there’s really nothing suspicious about this email.
What would you do? Would you update the consultant’s bank details or double-check with them directly? It’s certainly a difficult choice, as at this point you’re only days away from payday, and you’re probably overworked.
If your first thought was updating the consultant payment details, you’re not alone! This is a common data incident, where scammers get emails from legitimate team members (usually the email address looks almost exactly like the actual email) asking to be paid to a new bank account.
Data Incidents are common
Medibank
Woolworths Optus How can monday.com help? #1 Set up access restrictions #2 Use Two-factor Idenification #3 Enable Audit Trails #4 Regularly Back Up your data
Data Incidents are common
Cybersecurity incidents happen every day. In a recent study, 87% of CFOs in APAC responded that they had more than three security incidents in the last year. Here are some recent stories:
Medibank: A Rookie Mistake
Medibank, the Australian private health insurer, fell victim to a cyber-attack in October 2022, which the company initially believed had not resulted in sensitive customer data being accessed. However, on November 7 2022, the company admitted that all their customers (9.7 million) were affected. Medibank stated that the attacker accessed personal information like names, dates of birth, addresses, and phone numbers as well as sensitive data like Medicare, passport numbers, health claims data, and health provider details. Despite the attacker’s threat to release private medical information if a ransom was not paid, Medibank refused to pay. The attack resulted in hundreds of Medibank customers' health claims being posted on the dark web, including claims related to drug use, termination of pregnancy, and the harmful use of alcohol. According to the health insurer, their systems were breached through the use of a Medibank username and password that were stolen from a third-party IT service provider.
Woolworth’s Not Very Good Deal
Optus, the worst data breach in Australia's history?
Avoid becoming part of the story with some simple hacks to protect your information on monday.com security features
Hack 1: Set Up Access Restrictions
The first step is to set up access restrictions. You can do this by assigning different levels of access to your team members. You can choose to give them read-only access or full access. It's important to only give access to those who need it. This will reduce the risk of data breaches and unauthorized access.
Here’s how to set up custom permissions:
Click on your profile picture in the bottom left corner of the screen.
Select "Administration" from the options that appear.
In the admin section, choose "Permissions" from the left-hand menu.
See a list of user types and features that can be enabled or disabled for each one.
Select the appropriate settings based on your preferences.
Here's hwo to setup account permissions:
Keep in mind, this option is only available in the enterprise plan. Apart from multi-level permissions, this tier also includes enterprise-grade security and governance, advanced reporting and analytics, and tailored onboarding. Try Enterprise here.
Here are the most common monday.com permission types:
📌 See how to change account permissions in more detail.
Hack 2: Use Two-Factor Authentication
The second step is to use two-factor authentication. This is an extra layer of security that requires users to provide two forms of identification before accessing their accounts. It's a simple yet effective way to protect your client's data from hackers and cybercriminals.
Hack 3: Enable Audit Trails
By allowing audit trails on monday.com, you’ll be able to keep track of all the changes made to your client's data. You'll see who made the changes and when they were made. This will help you identify any unauthorized changes and take corrective action immediately.
Hack 4: Regularly Back Up Your Data
You can do this by exporting your data and storing it in a secure location. This will ensure that you have a copy of your client's data in case of any system failures or data breaches.
Hack 5: In case of panic, push the Panic Button
If your team's login information is at risk of being compromised, or you have detected suspicious activity on your account, monday.com launched a Panic Button; a "Panic mode" feature to temporarily block an account.
When you push select this option, no one, including account administrators, will be able to access it until an admin requests assistance.
Bottom Line
Data incidents and cybersecurity threats happen almost every day. Recent stories like Medibank's rookie mistake and Optus' terrible data breach show how easily anyone can be tricked into revealing sensitive information. Setting up access restrictions is one simple hack to protect your information, and only giving access to those who need it will reduce the risk of data breaches and unauthorized access.
monday.com Permissions can help you keep data secure for you and your clients. Get a free consultation today from Kick Consulting, a monday.com partner and expert to make sure your data is safe and sound!
