Published: 9th February 2020
Updated: 4th February 2021
You may be surprised to know that it is not necessarily your technology or the systems that you have in place that allow in hackers and data thieves. It is common for members of staff to be the weakest cyber security link.
From losing company laptops and phones, to failing to change passwords at regular intervals, your employees may be to blame if hackers successfully disrupt your business. So what might your employees do to compromise the security of business data?
Connecting to the company’s network using their own devices can infect your system if the device is not secure. It is very difficult to monitor activity in this respect if you do not operate a specific ‘Bring Your Own Device’ (BYOD) policy, or use a Virtual Private Network (VPN) that keeps the employee’s personal data encrypted.
Password security is a crucial aspect when keeping your business information safe, but members of staff may be compromising data security in a number of ways. Writing down passwords, using passwords that are not strong enough, and failing to change them regularly, can each significantly compromise your efforts.
When no password security policy is in place, or employees simply do not follow it, the result is a very vulnerable organisation that could suffer a seriously debilitating cyber attack, or loss of customer data that results in significant financial penalties from the regulators.
A failure by staff to update the software and other applications on their work computers, and to apply security patches, compromises your network and potentially allows hackers and thieves easy access.
Consistently applying good cyber security techniques, which are generally fairly simple and straightforward procedures for your employees to follow, offers your business an increased chance of avoiding a breach or cyber attack.
A disgruntled employee could exploit known issues in your systems, and damage crucial files or compromise data integrity, particularly if they have high security clearance. It would be relatively easy to harvest sensitive business information and trade secrets, and carry on undetected for some time.
A member of staff who has had their contract terminated also poses a serious threat to your business. In fact any exiting employees could be a potential risk given their knowledge of the company’s systems, so it is crucial to ensure that official access is also terminated when they leave.
Employees may access their social media accounts while at work, which introduces a risk for your system if their personal data is targeted. With so much personal information online these days, it would not take long to contact your employee with the intent of stealing company data, or introducing malware onto your systems via a rogue email.
For obvious reasons, losing company hardware, whether it is a laptop, tablet or phone, also presents a serious risk to cyber security. Human error is a constant theme running through the threat to your company’s cyber security, and the loss of unencrypted business hardware is one of the biggest issues in this respect.
This type of cyber attack mimics communication from a ‘trusted’ source, or someone the employee knows. It could be an email that appears to originate from a client, for example, or a supplier, but does in fact contain a malicious link that introduces a virus, malware, or perhaps ransomware onto your system.
If the employee who receives the communication clicks on the malicious link, the virus can spread throughout your network of computers and cause serious disruption to the business as a whole.
It is vital to provide your staff with regular training on current methods of cyber attack and cyber security so they understand how hackers get into the system. This awareness allows them to be more vigilant, and to reduce the likelihood of human error being a factor in such an attack.
Your business is at great risk of incurring vital data loss, or suffering a devastating security breach that compromises your ability to operate effectively. For more information on how to formulate a data security policy that will help to counteract cyber threats, call our expert team at Begbies Traynor.
As the largest UK professional services consultancy we can assess your risk of cyber attack and put forward practical steps to mitigate the threat. We are able to offer you a same-day consultation free-of-charge, and work from over 70 offices around the UK.