Most organisations now know that cyber threats are a growing danger not only to their valuable data but also to their business reputation. However, their biggest cyber risk may be people they would not usually suspect and, even worse, people who are very close to them: their own staff. However well trained and trusted they are, cyber criminals know to target staff members.
It might be something simple, like visiting the wrong kind of website, which downloads a small piece of code to their computer. Maybe they start talking to a disguised hacker on social media, which is called catfishing. The hacker will pretend to be someone else, anything from a wealthy potential suitor to a well-placed potential customer. Once a relationship has been established, the catfisher will ask for information bit by bit. The member of staff is often oblivious to what they are giving away, but the hacker can often use this information to attack your organisation.
Another common hacking method is to send an attachment such as a fake invoice to be paid. The financial staff, used to receiving and paying invoices, will download the attachment and, with it, a malicious virus. Ransomware emails are becoming very common and they are often quite frightening, demanding small amounts to be paid in Bitcoin in exchange for giving back control of a computer, for example.
Social media is a complete minefield. Catfishing is rife, as are adverts that download a virus when clicked. However, staff posting on social media can also be a problem if they are not careful. The content of a post can be helpful to an attacker, and pictures of the inside of the company, new products or staff members can all give clues to the skilled hacker.
Games and funny videos can be rife with malicious code. A video sent as an email attachment to several staff members can also cause data blockages and slow down your network because of the size of the attachment. That is before you get to the fact that your staff should be working, not viewing videos. Downloaded games and other software often come with a helping of malicious code that can quickly travel through your network. Some websites are very data heavy to view, again slowing down your network. Many adverts take the viewer who clicks on them to malicious content, some of which will quickly multiply, spread or take over the computer.
Even if you control what people do with their emails, website viewing and social media posting, you have still not controlled all the cyber risks that your organisation will face. There is the politically hot topic of what is plugged into your secure network. Workers are more and more mobile, which means they have laptops, mobile phones and tablets, all of which need plugging back into the network for your staff to work efficiently. Some of these are owned by the company, others by the staff members. Those that are yours can be regularly virus scanned; staff mobiles and tablets are more difficult. They need virus protection and regular scans, and reminding staff to do this is more challenging. Some kind of policy, and assistance in monitoring cyber risk, is required.
The last area to check is the interface your staff have with your cloud-based data. Whilst all the major cloud providers have very secure databases, it is the interface between your data and the cloud where the cyber risk resides. The cloud provider clearly states that this is your problem. Thankfully, there are software monitoring packages that will ensure that this risk is minimised and then monitored. With cloud storage, what data is accessed, stored, changed and deleted must be monitored and controlled.
Procedures and processes need to be implemented, as well as training and support. It would also be useful to have endpoint monitoring as well as software to audit what is attached to your ICT environment. Both of these are available from Gaia Technologies plc, for quality, security and peace of mind from one provider. Gaia Technologies plc can also audit your existing ICT environment for cyber threats, issues and weaknesses, as well as help you with staff-based processes and procedures. They can even train your staff if you purchase their Malware Package.