The biggest threat to your IT security could be in your building, right now

January 16, 2019; August 20th, 2019

When you think about hackers and online scammers, the image that probably jumps to mind is of a hunched individual, illuminated by a green glow from a 1980s computer monitor. The reality of IT threats, however, is far different.

The level of sophistication in IT security breaches is growing daily. Some scams are remarkably complex, with intricate chains of events; others are very simple. Most threats, regardless of their complexity, can be combatted by technology, but not all. The solution is straightforward – education.

An open-door policy, but not as you know it

You see, every scam requires an open door. That could be a weakness in your IT infrastructure, a piece of software that has not been updated to the latest security protocols, or simply an unlocked PC giving unfettered access to your entire network.

The latter scenario is disturbingly common. We have all been guilty of jotting down that ‘very secure’ but hard-to-remember password. Honestly, a sticky note hidden under a keyboard is possibly one of the worst and most common offences of security failure, yet my team witness it every day.

Most cybercriminals are not in the business of breaking and entering. Many rely on your team bringing them into the office. I am not talking about a ‘bring a criminal to work day’, that would be crazy; it’s more about mistakes created through a lack of knowledge rather than deliberate intent.

BYOD

Bring Your Own Device, or BYOD for short, is common in many businesses, where staff bring their own devices to use in the workplace. On the surface it feels like an economical solution to providing teams with all the technology they need. Your staff get to use their own device, one they are familiar with, saving time on training. And the business saves on the cost of the hardware, too. But the true cost can far outweigh any savings.

Malware and viruses can sit on hardware waiting for an opportunity – so when a member of your team plugs their mobile phone into their computer to charge it, they could easily, and unknowingly, transfer an infection into your whole system. Even the humble thumb drive can be a source of significant danger. ‘But we have virus protection,’ I hear you cry, and yes, for many threats the technology on a well-managed IT system will offer a good level of protection; however, the threat is still very real.

Virus protection and malware blockers are in a constant race, only just keeping up with the deluge of new threats that are unleashed on the world daily. To protect ourselves, our businesses and our privacy, we need to take responsibility for our own actions and ensure we are doing everything we can to close those doors of opportunity.

How big is the risk?

The most valuable asset in most businesses is data – customer files, suppliers, intellectual property and more. Take a moment to consider the impact on your business if this data was lost, corrupted or misused.

A cyber risk survey commissioned by Financial News, London, in 2017 showed 58% of cyber claims are attributable to employee behaviour, such as negligence, accidental disclosure and lost or stolen devices.

It also highlighted that most employees believe that their organisation’s IT systems offer sufficient protection. This is a troubling scenario. Through a lack of simple education, we’re leaving the door of opportunity wide open to anyone who chances their luck.

What can business owners do to protect themselves and their workforce?

There are a few simple steps you can take straightaway:

1. Check your protection:

  • What virus or malware protection do you currently have in place?
  • Is it up to date?
  • What policies do you have for IT security?

2. Walk the floor – with your radar set strictly to ‘doors of opportunity’, look for:

  • Non-business-owned devices that are visible.
  • Notes and paperwork left out in the open, and check them not just for passwords, but also for private data (names, addresses, etc.).
  • Thumb drives or external hard drives.
  • A notice on the wall showing the Wi-Fi password? Convenient, yes, but safe it is not.

3. Talk to your IT team:

  • The team are on the front line; they should be able to provide you with a good overview of potential threats. They will know the devices that are in use, any systems that are abused or policies that are not adhered to.

What next?

When you have clarity on your current setup, you can start to plan improvements. You might want to talk to an expert and get an outsider’s perspective – perhaps some guidance on the biggest threats to tackle first. Please do give our team a call if you would like to discuss your options.

When you have a clear plan of action you need to involve your team. Educating your staff about the risks will help to generate buy-in for change.

I am recommending conversations for positive change – not a witch hunt for those who are posing a threat. Most security blunders are accidental. The best way forward is to plan an ongoing education programme that keeps security, and your safety, front-of-mind for everyone.
