Five ways your staff can compromise your business security

OGL Computer

It may be uncomfortable to read, but your staff really are the biggest threat to your business’ cyber security.

A 2017 cyber risk survey produced by the London Financial Times, found that 58 per cent of cyber-attacks are attributable to employee behaviour, such as negligence, accidental disclosure and lost or stolen devices.

When they included vulnerabilities that exist due to a talent or skills shortage in cyber security, the percentage attributable to internal human issues is closer to 90%.

According to an ISACA (an international, independent IT governing body) survey published last year, more than three quarters (76%) of UK office workers didn’t know what ransomware was and 36% can’t define a phishing attack.

The study also highlighted that half of UK office workers feel that employees are provided with no cyber security awareness training at all and 1 in 5 confirmed they had been victim of a phishing attack.

Your staff need to be aware of the dangers they could potentially impose.

Your business’ security depends on it. With this in mind, we highlighted 5 key areas your staff can compromise your company…

Weak passwords

We’ll start off with an obvious one.

Having a weak password is inexcusable and a key area where hackers can obtain crucial business data on your employees’ devices.

OGL Computer has developed a machine that can guess passwords at an amazing 30 billion combinations per second.

So, if you thought an 8-character password was strong, think again.

According to a recent survey, on average 2 out of 5 people have had their password stolen and 7 out of 10 people no longer trust passwords to protect their accounts.

Simply educating employees on how to use strong passwords can instantly improve your security.

You may also want to consider Multi-Factor Authentication (MFA) as 86% of businesses who use MFA feel their data is more secure.

MFA adds a secondary element to the signing in process, whether that’s with a mobile device or fob, using either a pin number or extra password.

Offering an extra layer of protection helps keeps your details, documents and data more secure!

For more information on Multi-Factor Authentication, click here

Phishing emails

We’ve all been there; hovered over an email attachment, not knowing whether to open it or not.

Unfortunately, it’s that easy to fall victim to cyber-crime.

How can you detect if that attachment contains a hidden malicious script or downloads an encryption key from outside your network?

There are tell-tale signs on how to spot phishing emails, whether that’s by looking at the email address, or spotting spelling mistakes within the email.

Having your staff trained to spot common traits in emails can drastically reduce the risk of your business getting attacked.

For ongoing real-time advice on phishing emails or spam alerts, follow our Cyber Threat Intelligence Watch group on LinkedIn, to help you stay vigilant when it comes to phishing emails.

Click here to join the group.

Not installing relevant updates

Software updates and patches exist to fix vulnerabilities.

If your staff are continuously clicking ‘remind me later’ on update alerts, it can seriously put your security at risk by prolonging the patches.

It’s imperative staff keep their systems updated to help stop hackers exploiting security weaknesses.

In fact, with business devices patched and updated you are less likely to be affected by a cyber-attack as around 70% of cyber-attacks exploit known vulnerabilities.

Un-patched software is also a magnet for malware. It is critical that staff understand the importance of installing updates.

A good comprehensive security patching strategy is essential.

If you are interested in an option to help take away security responsibilities from your staff when it comes to updates and patching, you may want to read more on our Patch Management service here.

Social Media

Social media plays a huge part in our business life.

Whether that’s looking for a business opportunity or contact on LinkedIn or recruiting on Facebook.

It’s an easier, more engaging platform to communicate. However, the same can be said about cyber-attackers.

Social media is a hotbed for hackers to socially engineer your staff on clicking on certain ‘fake’ profiles or unsecure URLs using clickbait.

Once clicked on this domain, staff can leave your defences vulnerable to malware or ransomware attacks.

Educating staff on how to use social media can reduce the potential threats to your company.

Alternatively, for a more proactive approach to your security, you may be interested in outsourcing full responsibility for your cyber defences. For more information, click here.  

Connecting devices using USB’s It may seem like a small little USB but connecting one to your devices could have serious security consequences for your business.

USB’s are an extremely easy way to install malware onto your computer and staff are susceptible to connect unknown USB’s to their devices.

For example, if you find a ‘dropped’ or left USB, then the easy way to find out who’s it is or even if it’s free to use, is to connect it into your device to see what files are on it.

It’s an easy mistake to make, which is why cyber-attacks exploit this vulnerability in employees.

Another reason for staff to think twice about using USB’s, are they are relatively small and the majority all look alike, making it easy to lose or misplace them.

Losing a USB with critical data on is a major security issue that can threaten your business.

What makes all this more infuriating is that it is all preventable… With staff awareness training!

CyberGuard Technologies, a division of OGL Computer, a company that’s been in business for over 40 years, and understands the industry, can offer help and guidance on the best practises of being cyber-secure.

We understand the importance of regular, engaging methods of educating staff on how they can help prevent their company from falling victim to cyber-attacks.

We offer thorough training to teach employees about data storage, application downloads, passwords, spam email, backing up work and much more.

To engage with staff, our awareness training offers an array of methods to keep office workers on their toes and includes:

• Monthly phishing attacks performed company-wide

• Bi-annual spear attacks looking at high risk departments

• Quarterly password checks

• Bi-annual USB drops and desk checks

• On-demand video training

• Monthly cyber security newsletter

To find out more about our staff awareness training, click here.  

If you would like to talk to one of our Security Consultants, contact us here and we’ll be happy to give you a call.