Did you know that the person who will damage your company’s brand, maybe cause your sacking or even bring down your company is a lot closer than you think? You might put these major problems down to a rouge customer, maybe a wronged competitor or even a recently fired employee? If you are cyber aware, maybe they are an anonymous hacker from a third world country? Well yes that person maybe involved, but the person that can cause your company so many problems is more than likely an innocent member of your staff.
Sounds unbelievable but hark back to the Equifax loss of over 140 million records including such sensitive data as credit card details, phone numbers and social security numbers – enough information to cause major losses to Equifax customers. Equifax have estimated the loss to their company at over $114m, not counting the loss to their brand image and the fact that they will be forever mentioned in financial university degree courses and cyber security folklore. The cause of this massive loss has been put down to one employee who failed to patch software and the fact that the company failed to notice data breaches between May and July of 2017. As well as the responsible employee you can bet that their boss as well as the CTO, the CIO and maybe the CMO all found cardboard boxes on their desks and security officers waiting close by.
This one weakness in the ICT environment had enabled a lone hacker to infiltrate valuable databases on numerous occasions, helping themselves to vital information that they would have quickly utilised and/or sold on the dark web.
How secure and up to date do you think your network is? Do you have cast iron processes and procedures and the necessary software to ensure that your network is monitored and kept secure? Worrying is it considering Equifax thought they were secure?
Going back to one person being able to damage your company – what about the person who plugs in a tablet, laptop or mobile phone that does not have up to date virus protection? Maybe they surf some doubtful websites at night, or even while working? With current BYD (Bring your own device) policies how safe is your network from viruses and ransomware being introduced?
Could one employee download a song or game that contains a virus that will compromise your network? Many modern viruses have worms that constantly multiply, worming their way through your system causing chaos as it goes. This is how the WannaCry virus spread, propagated by the EternalBlue virus that came in via a weakness in the Microsoft Windows operating system. A downloaded song or game is an ideal vehicle for the next virus.
Maybe one of your employees in the finance department gets an innocent looking email asking for an attached invoice to be paid. Seems to be business as usual. Unfortunately that attached invoice might include a virus or piece of ransom ware. Otherwise it might be, that paying this phishing invoice gives away your banking details by sending you to a fake, genuine looking, website. Once they have these details they can help themselves to your bank in the future.
One of your company’s senior managers may receive a ransom ware email saying that your data will be frozen or stolen unless a bit coin ransom is paid. Or worse still the hacker may access and freeze your data first so that you have to pay the ransom. What do they do?
All this chaos is started from one person in your company clicking on a link or downloading an illegal file or plugging in a virus infected phone or tablet!
How sure are you that your company has the correct processes, procedures, methods and rules to ensure that just one person cause such chaos, controversy and loss of careers?
Is your ICT environment vulnerable and how do you know it is secure? Are you monitoring your network on a continual basis?
Why not talk to Gaia Technologies plc. who have considerable experience in ensuring their client’s ICT environments are secure. Gaia offers a full Managed Security Service Provision (MSSP) as well as the Security Consultants who can advise on your current security processes and procedures.Gaia – Total Security Solutions for Quality, Security and Peace of Mind From One Provider