Insight

Your company’s biggest cyber security threat is you

By Charlie Knight |

security-department-1653345_960_720.png 

By 2029 humans will be able to extend their lives and live on as robots by putting their thoughts and memories into a machine.

A scary thought isn’t it?

 What’s even scarier than this eventuality is the sheer amount of personal information we are already putting out there via our devices, whether it’s billing info, contacts, location or employment data.

When does too much data become dangerous?

Cyber security is one of the biggest problems that comes with technological advancements. Companies have lost between £296-£454 billion to cyber-attacks, and this has increased by over 70% in the last three years. (Entrepreneur)

But who is the biggest threat to your company’s IT security?

In short – it is YOU. Not having the right systems or policies in place to keep your systems, network and data secure could be your company’s very own downfall.

Here are some tips for how you can protect your business against cyber security threats in 2017.

 

Some common cyber security threats

You may be thinking the chances of this happening to your company are very slim, and there’s no reason to improve upon your current efforts to secure your data.

But cybercrime remains the second most reported economic crime, affecting 32% of organisations. (PwC Global Economic Crime Survey 2016)

Hackers are launching more and more sophisticated attacks, and so it is worth making yourself familiar with what they are and what they can do. We’ve gathered the top three biggest security threats of 2016:

  1. APT (Advanced Persistent Threats)

A long-term targeted attack, in which an unauthorised person gains access to a network and stays there, usually to steal data rather than cause damage to the network or organisation.

  1. DDoS (Distributed Denial of Service)

An attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. Usually banks or news websites are targeted.

  1. Inside Attack

60% of all cyber-attacks are carried out from inside companies. (Cybersecurity Intelligence Index) The attacker uses their credentials maliciously to gain access to confidential company information. If a former colleague has left the company on bad terms, make sure there’s a system put in place to revoke all access to company data immediately.

 

Are your employees putting your company at risk?

Your employees are the driving force behind your business, and the success of your company is dependent on them. Yet while your business may be protected from external threats, it may be your own employees that pose the biggest risk.

Whether it’s down to maliciousness or just negligence, employees account for the vast majority of security breaches. But how exactly are your employees threatening your company’s security?

  1. Employees just want to get their work done

All a hard-working employee wants to do is get their work done as efficiently as possible. It is all well and good having a security system in place, but often it can create a roadblock to productivity. In this situation a clever employee might find a security workaround or potentially risky third-party application to help them get the job done.

  1. Employees aren’t cyber-educated

Many employees don’t think about the potential security risks they may be creating when they are concentrating on their work. For example, they may be using personal email accounts to send work documents with confidential data. Employees must be appropriately trained on the importance of security and how their actions can pose a risk.

  1. Employees are susceptible to social engineering

One of the most dangerous cyber security threats is social engineering i.e. influencing a person to take an action that may or may not be in their best interest, through nefarious means such as impersonation, voice phishing or email phishing. For example, many employees might give out confidential information to someone who calls claiming to be from tech support. Employees have to be knowledgeable about the risks of social engineering or it becomes extremely easy for them to compromise their data.

  1. Employees make mistakes

Whatever system, processes or policy you have in place, there will inevitably be human errors. It is in our nature. Employees may forget to password protect documents, write passwords down, or fail to encrypt information. The only way a company can address this is by reducing the steps that employees need to take to maintain system security, reducing the dependence on employee compliance.

 

How can you protect your company from threats?

What can you do to safeguard your data from these toxic threats? A lot of issues that arise aren’t intentional – many of them are due to misaddressed emails, stolen devices, and similar ‘oops!’ moments, in which no harm was intended but carelessness has led to devastating consequences.

Therefore, education and repetition is vital. Employee education on cyber threats can save your company millions. Forming a list of cyber security policies can give employees an understanding of which threats are out there, how to recognise them, and what actions to take if they experience anything suspicious or worrying. If the idea of creating all of these policies seems daunting, try and find a well-managed security services program or enterprise solutions team that could help.

Other small measures can be taken to give your security that extra ‘push’. Firstly, although it seems obvious, changing your passwords on a regular basis is a good start. Secondly, teach your team about careful clicking. When browsing the internet looking for information, we often forget to take the necessary precautions. The final measure is to incorporate analytics. Employee have predictable behaviour, so with the use of simple analytical tools you can quickly spot any misuse or sabotage.

 

Should you bring cyber security expertise in-house?

A growing trend in many companies – particularly in the technology sector – is to hire a dedicated cyber security expert. Cyber-attacks are growing, globally, and the key challenges for business in 2017 will revolve around security and privacy issues.

Implementing information security as a business value has become fundamental. There is a growing focus on cyber security expertise, and many companies are looking to hire dedicated experts to future-proof their business and set them up for ongoing success.

Remember – you are your own biggest cyber security threat. You must know what you’re doing when it comes to cyber security and ensure you have the right policies in place.

Managing cyber risk means putting in place the right governance and the right supporting processes, along with the right enabling technology. At Vine Resources we provide senior independent cyber security experts who work in very complex and fast moving environments within prevention, detection and response.

Contact us to learn how you can hire for your cyber security needs!

Get Candidates


Charlie Knight

Written by Charlie Knight

Charlie has 3 years experience in digital marketing, helping B2B technology companies grow their businesses through inbound marketing before joining Vine Resources as Content Marketing Manager. In his spare time, Charlie enjoys travelling and the great outdoors, and he recently hiked from Mexico to Canada for charity.

Download our eBook:

How to create the perfect job brief