Employees are the weak link in your  cyber security

So, you think that the biggest threat to your cyber security is still external? Think again. The biggest threat to your cybersecurity today isn’t sketchy people in different coloured hats – it’s your employees.

Hackers may be becoming more advanced, however, the percentage of cyber risks due to internal human error is substantially higher than the level of external threat, Anna Aquilina, director of EY’s EMEIA Cybersecurity Centre of Excellence explains that “people are just a very large attack surface. Whether it’s a nation-state, a hacker or an organised criminal network, they will look for ways ‘in’ through people.[1] As businesses shift more and more into the digital space, it is no surprise that cyber security has become globally the fastest-growing industry in 2018. The question therefore is – why have employees become the weakest link in cyber defence and how can businesses holistically calibrate cyber security in their core competencies?

What’s going wrong?

Due to the vast range and complexity of potential scams, employees can be targeted or exposed to risk in numerous ways. Most commonly, unsuspecting staff are compromised by schemes such as email phishing, spoof websites and downloads with embedded malware. In 2014, as many as 100 eBay employees were targeted by a phishing campaign that infiltrated eBay’s internal network. The attackers had unprecedented access to eBay’s systems for a staggering 229 days – along with the personal details of over 145million customers![2]

Emails from ‘reputable’ companies such as PayPal or Apple iTunes, may not be what they appear. All it takes is for one employee to click an embedded link and a virus can download and infiltrate the business’s entire computer system in minutes. It is also not unheard of for scammers to pose as other employees, banks or even friends in a bid to gain access.

Examples of successful scams include HMRC emails suggesting the receiver is due a rebate – all they must do to claim it is enter a few personal details. Similar scams involved sending spoof invoices from PayPal, prompting the user to enter their details to validate or decline a transaction.

Workers who access the system remotely, if not adequately protected, can also find that their data could be accessed via unsecured public Wi-Fi networks in hotels and meeting venues. Lack of suitable malware protection, outdated operating systems and inadequate firewalls can all leave your staff unwittingly open to data exposure.

Removable hardware and storage devices such as USB sticks, external hard-drives and memory cards (often holding unencrypted or sensitive data) can be lost, misplaced in public places or even stolen. The same goes for entire laptops, tablets and mobile devices used for work. 18% of data security incidents in 2015 were as a result of lost or stolen devices.[3] Similarly, cloud based, and third-party storage systems may not always be as secure as an employer may hope or expect.

Finally, many people still write passwords down or store them in a central location – making them one simple hack away from total infiltration.

Simple steps to protect your employees… and your business!

Predominantly, a culture of cyber-security awareness needs to be holistically curated across corporations. Competency in cyber-security needs to be assessed at the recruitment process stage and current employees should be continually retrained.

Other preventative measures could include:

Strict IT policies

Read more

Require employees to change their internal passwords every 30 or 60 days – alongside mandatory encryption of sensitive data or password logging software.

Regular software checks

Read more

Ensure that all operating systems, programs and antivirus software are consistently up to date.

Keeping third parties in check

Read more

Be vigilant of tax and accounting software, outsourced departments, IT providers etc. Your internal system may be secure, but theirs may not be – leaving you exposed.

Explore the possibilities of biometric authentication

Read more

In the workplace, employees are increasingly using biometrics to increase security when logging in to devices as well as the access to the data stored on those devices.

Invest in tailored training

Read more

There is no ‘one size fits all’ when it comes to awareness and education. Invest in industry-specific training for your organisation.

Communicate the impact of cyber-attacks

Read more

By making employees aware of the financial losses associated with cyber-attacks, they will take responsibility for their own cyber hygiene as a matter of preserving their job security.

Limiting employees in using their own tech or removing company owned tech

Read more

As previously mentioned, unsecured public Wi-Fi networks and risk of theft are all possibilities.

Assist the future of cyber security by closing the skills gap

Read more

Training employees at all levels within your organisation will not only ensure your security but helps the wider community to practice better cyber-safety that affects all commerce.

The ultimate answer to cyber-security woes is… education

Informed and equipped employees are the best defence against the majority of cyber-attacks. Cyber security eLearning outlets and training programmes allow employees to study, improve and qualify, whilst working. This directly impacts the cyber-health of your company and industry, but also promotes growth and development in satisfied and nurtured employees.

Whilst there is a plethora of precautions that can be taken to better protect your employees and your business, complete mitigation is ultimately impossible. However, as far as possible, steps towards creating a culture of heightened awareness and quality training schemes, should be undertaken to minimise potential financial losses.

Request a Callback

First Name*
Last name*
Company Email*
Company name*
Your role

Contact Information

Phone: 01273 007 080