People and cyber security: Are the people in your organisation leaving you vulnerable?

9th March 2018
Cyber crime in Australia doubled between 2014 and 2015, according to a survey by PwC, making it more crucial than ever for your business to be aware of the dangers.


Australia has a high technology uptake which, combined with its economic strength, makes it a lucrative target for cyber criminals. In fact, 86% of organisations surveyed by the Australian Cyber Security Centre in 2016 say they have experienced attempts to compromise the confidentiality and integrity of their systems.

 

Where are the dangers?

Nao Moriya, Chief Security Officer at Canon, says the risks of cyber security are circumstantial and vary from organisation to organisation.

‘One of the more critical risks for any organisation is the behaviour and attitude of its people to cyber security. The threat landscape is constantly evolving with threat perpetrators looking for weaknesses to exploit.’

Some examples of these threats include:


  • BYOD – The normalisation of Bring Your Own Device to work increases your security risks. 73% of companies surveyed allow employees to use personal devices for business reasons.

  • Passwords – Employees having the same password for work and home.

  • ‘Phishing’ – Accidentally opening fraudulent emails.

  • Business Email Compromise (BEC) – an ‘actor’ pretending to be someone senior in an organisation and requesting a transfer of money or company information.

  • Social Media – Fake social media accounts pretending to be a company page and duping customers into sending their private details.

Phishing attacks and BEC have cost Australian business $3.1 billion since January 2015, making it cost effective for your business to think about investing in employee awareness and more sophisticated security programs.

In one example, a phishing scam targeting PayPal customers, an authentic-looking email asks users to log into their account. It has accurate branding, a postal address and links to the authentic PayPal. It’s hard to spot unless you know what to look for.

‘Everyone needs to be able to recognise these threats and know what to do when a social engineering attack is targeting them or the organisation,’ says Moriya.

How do you limit the damage?

While agreeing that security technologies can significantly reduce the volume of potential attacks, Moriya also warns that ‘we need to ensure the other key elements of people and procedures are also addressed to ensure effective security controls’.

Some measures include:

  • Employee awareness – It’s important to work with staff to create a cyber safe environment. Use regular briefings to educate on preventing and identifying cyber attacks. Emphasise the importance of having a unique password for their work account and how to safely use personal devices. Use websites like ee which allow employees to attempt to dupe each other with phishing emails.

  • Hack yourself – Regular audits by senior IT staff will alert you to problems. If your IT team can hack your system, it’s more likely that a malicious attack will occur.

  • Create a security policy – Have a company security policy in place, written clearly and without jargon, where cyber safety is laid out for all staff members to read. The policy should become part of the staff induction for all employees and third-party contractors.



The best course of action, according to Moriya, is to be prepared for an attack. ‘Accept that you are being targeted and implement an information security program to limit the damage.’
