diff --git a/backend/src/entities/company-info/company-info.controller.ts b/backend/src/entities/company-info/company-info.controller.ts
index 59fbda6d2..54dd8174c 100644
--- a/backend/src/entities/company-info/company-info.controller.ts
+++ b/backend/src/entities/company-info/company-info.controller.ts
@@ -1,4 +1,5 @@
 import {
+ BadRequestException,
 Body,
 Controller,
 Delete,
@@ -336,6 +337,9 @@ export class CompanyInfoController {
 @UserId() userId: string,
 @Query('displayMode') displayMode: string,
 ): Promise {
+ if (displayMode !== 'on' && displayMode !== 'off') {
+ throw new BadRequestException(Messages.INVALID_DISPLAY_MODE);
+ }
 const newDisplayMode = displayMode === 'on';
 const inputData: ToggleTestConnectionDisplayModeDs = {
 userId,
diff --git a/backend/src/entities/user/user.controller.ts b/backend/src/entities/user/user.controller.ts
index 78f3b0dcb..b4e4d905f 100644
--- a/backend/src/entities/user/user.controller.ts
+++ b/backend/src/entities/user/user.controller.ts
@@ -1,4 +1,5 @@
 import {
+ BadRequestException,
 Body,
 Controller,
 Get,
@@ -480,6 +481,9 @@ export class UserController {
 @UserId() userId: string,
 @Query('displayMode') displayMode: string,
 ): Promise {
+ if (displayMode !== 'on' && displayMode !== 'off') {
+ throw new BadRequestException(Messages.INVALID_DISPLAY_MODE);
+ }
 const newDisplayMode = displayMode === 'on';
 const toggleConnectionDisplayModeDs = {
 userId: userId,
diff --git a/backend/src/exceptions/text/messages.ts b/backend/src/exceptions/text/messages.ts
index 17500b80d..0b5a097fc 100644
--- a/backend/src/exceptions/text/messages.ts
+++ b/backend/src/exceptions/text/messages.ts
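Review bot: The `displayMode` guard is written out twice, once in the CompanyInfoController hunk at -336 and again verbatim in the UserController hunk at -480, so the accepted values of the two endpoints can drift apart the next time only one copy is edited. Moving it into one shared helper or a validation pipe would keep the allow-list in a single place, e.g. `const newDisplayMode = parseDisplayMode(displayMode); // suggested helper: throws BadRequestException(Messages.INVALID_DISPLAY_MODE) unless 'on' | 'off'`. The strict comparison also rejects a missing parameter (`undefined`), which before this change was silently treated as "off"; if any existing client omits `displayMode`, it will now receive a 400, so that is worth confirming and covering with a test for the missing, repeated and mistyped cases. Both handler bodies start and end outside the hunks, so how `newDisplayMode` is used afterwards is not visible here.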
@@ -167,6 +167,7 @@ export const Messages = {
 INCORRECT_TABLE_LOG_ACTION_TYPE: `Incorrect log operation type, supported types are ${enumToString(
 LogOperationTypeEnum,
 )}`,
+ INVALID_DISPLAY_MODE: `Invalid display mode. Supported values are "on" and "off"`,
 INVALID_USERNAME_OR_PASSWORD: `Username or password is invalid`,
 INVALID_USER_COMPANY_ROLE: `Invalid user role in company. Only supported is ${enumToString(UserRoleEnum)}`,
 INVALID_JWT_TOKEN: `JWT token syntax is invalid`,