B.I.S.S Research White Papers

Let’s face it, businesses are constantly at risk, but what from?

Marc Briggs

Think for the future - failing to prepare for an event where business operations are disrupted could have a severe impact on revenue and reputation. With a workplace recovery solution, you can minimise the risk of unexpected downtime.

Employees could be your biggest cyber security risk! Why? Lack of awareness. The biggest reason employees are a risk to your company is that they are simply unaware of what they should and shouldn’t be doing. They may be blissfully unaware that their devices are connected to an untrusted Wi-Fi network, or that they shouldn’t be keeping customer details on a USB memory stick.

£27 billion is the estimated cost of cyber crime in the UK, and a lack of understanding of cyber security is partly to blame for this figure.

The Threats:

Phishing emails

The Email Laundry found that 91% of all cyber-attacks started with a phishing scam. These are emails sent by hackers, designed to look like they have been sent by a legitimate company, that ask for sensitive information.

Often, these emails contain a link which takes you to a very plausible, yet fake, website with a form for you to enter your details. This information is then forwarded to the criminals who created the website, ready for them to use or sell your data. They may ask for credit card details, passwords, usernames, or anything else they can use or sell.

Signs of a phishing email:

● Typos or spelling mistakes

● The ‘From’ email address doesn’t seem to be who it says it’s from

● Requests to click links or open attachments. If it doesn’t seem legitimate, don’t click!

● Urgency around a ‘call to action’, such as needing you to transfer money and to contact them only through email. If in doubt, call the sender
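
The signs listed above, other than spelling mistakes, can also be checked automatically by a mail filter. The Python below is an added example, not part of the original paper; the sample message, the placeholder domain names, the keyword list and the function name phishing_signs are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real email); all domains are placeholders.
SAMPLE = """\
From: "Example Bank Support" <billing@examp1e-bank.example>
Reply-To: payments@freemail.example
Subject: URGENT: transfer required today
Content-Type: text/html

<p>Please act immediately and contact us only through email.</p>
<a href="http://login.examp1e-bank.example/verify">https://www.example-bank.example</a>
"""

# Illustrative keyword list; a real filter would tune this to its own mail.
URGENCY = re.compile(r"\b(urgent|immediately|act now|transfer|only through email)\b", re.I)
LINK = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
HOST = re.compile(r"^[a-z][a-z0-9+.-]*://([^/:?#]+)", re.I)

def host_of(url):
    """Return the lower-cased host of a URL, or None if the text is not a URL."""
    m = HOST.match(url.strip())
    return m.group(1).lower() if m else None

def phishing_signs(raw, trusted_domain):
    """List which warning signs appear in a raw message.
    trusted_domain is the domain the claimed sender really uses (assumed known)."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    signs = []
    # Sign: the 'From' address is not who the display name says it is.
    _, from_addr = parseaddr(msg.get("From", ""))
    from_domain = from_addr.rpartition("@")[2].lower()
    if from_domain != trusted_domain:
        signs.append("from-domain-mismatch")
    # Related sign: replies are steered to a different domain than the sender's.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and reply_addr.rpartition("@")[2].lower() != from_domain:
        signs.append("reply-to-differs")
    # Sign: a link displays one site but its href points to another.
    for href, text in LINK.findall(body):
        shown = host_of(text)
        if shown and shown != host_of(href):
            signs.append("link-text-mismatch")
            break
    # Sign: urgency around a call to action.
    if URGENCY.search(msg.get("Subject", "") + " " + body):
        signs.append("urgency-language")
    return signs
```

A message that trips several of these checks at once is a good candidate for quarantine or for a phone call to the supposed sender.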

Using unsecured networks

Some employees may not be aware of the risk of using a device, be it work or personal, on an unsecured network. This could be free Wi-Fi in the local coffee shop or in a hotel on a business trip.

It is possible that these types of connections might not encrypt your data, meaning it could be compromised and fall into the wrong hands. You are potentially allowing crooks access to your sensitive and valuable information.

If you access your emails, you could unintentionally leak passwords or other sensitive information. Accessing mobile banking could open up your account to cyber hackers monitoring the network.

Top tip: Use a VPN (Virtual Private Network) to protect yourself when using unsecured networks. This will encrypt data moving between you and your end user.

Storing sensitive data

Staff should never store personal or business-sensitive information on USB or external hard drives. GDPR legislation was put in place to ensure all personal data is well protected, but having it on a portable device puts it at risk.

It’s easy for data to fall into the wrong hands. An example is Heathrow Airport, which was fined £120,000 for losing a USB containing sensitive information. Thankfully, it did not fall into the wrong hands, but it is a good example of how easy it is to lose data. The salt in the wound is that it’s easily preventable.

Top tip: Educate staff on exactly what personal data they should have access to, how to store it and how they should dispose of it. Having a strong password is vital not just for documents containing personal data, but for logins to tools and devices.

Installing questionable apps and programs

Be it on a mobile device, a browser extension or a newly installed program, thousands of apps are uploaded every day that contain malware. Without your knowledge, these apps can do a range of things in the background of your device, from stealing data and leaking mobile numbers to infecting other devices on the same network.

Top tips: Look at the reviews for any app before downloading, and research it before installing. Download your apps from the official stores only, as some malicious apps disguise themselves as the genuine ones.

Not updating software

This is a common way your networks and devices are left open to hackers. System updates and upgrades are not just designed to modify the usability or design of the program, but to add important security features to protect them from potential vulnerabilities and hacks.

Employees may not be aware of the importance of system updates; if they do not routinely run them, they are leaving themselves open to attacks. It is important to carry out regular updates of any software you use to increase company protection and decrease risk.

Internet of Things

You need to consider the ever-changing Internet of Things (IoT). Many companies have several devices, all connected to the same network, and some of these will be carrying out business-critical processes.

For example, a factory may have labeling, cleaning and bottling machines connected to the Wi-Fi. An employee could innocently connect their mobile device to this network and download an app contaminated with a virus. This app then has the potential to carry out an attack on not only the mobile device, but also everything that is connected to that network, halting production, costing time and large amounts of money.

Top tips: Ensure your devices have secure passwords to access them. Remove devices from the network if they don’t need to be connected, and use a strong firewall for protection.

While it is possible your employees may pose a security risk, with the right training you can reduce the risk of being a victim of cyber crime. The important thing is to look at your business, uncover any weak points and relay the best processes to all staff.
