As cyber criminals become more sophisticated by the day, it is important for businesses of all sizes to invest in the cyber defences that will keep you protected against attacks. From advanced firewalls to proactive network monitoring tools, there are many ways that companies can help keep their data secure and minimise the risk of breaches.
But even if you are investing in all the right controls, there are a number of surprising risks that can catch you off-guard. It is important to recognise that it is not just attack vectors such as malware and social engineering that can leave your organisation exposed to cyber-attacks. Here are four threats to your cyber security that might surprise you.
- Employees being careless
Unfortunately, one of the major risk to a company’s cyber security is still its employees. One key example of this is the fact that weak or stolen passwords are the major cause in around 81 per cent of data breaches. When the majority of data breaches could be prevented by something as simple as a strong password, it shows that careless employees can be a real problem for your cyber security.
It is vital, then, to provide employee with cyber awareness training when staff understand the importance of their actions in preventing attacks it can help them to keep your business more secure.
- Alert fatigue
If you have never heard of alert fatigue you might be shocked at the impact that it can have on your cyber defences. Alert fatigue occurs when an individual or a team sees a large number of security alerts on a daily basis – seeing a constant stream of alerts can desensitise them to the importance of the messages (especially if many of them are false alarms).
It is important that the staff of a business should stay aware of the dangers of potential incoming cyber-attacks – therefore every threat to the company’s digital defences should be taken very seriously and investigated properly. This shows that complacency can be huge risk; if employees are disregarding alerts because they have seen them so many times, they risk ignoring the signs of genuine attacks.
- Ransom demands
In 2017, the British NHS and a number of organisations across Europe suffered at the hands of the WannaCry ransomware. Whilst this is a fairly common form of cyber-attack, the thing that is most surprising about it is just how effective it remains. More than 70 per cent of businesses affected by a ransomware attack would be willing to pay a ransom to unlock their data
Ransomware works by infecting a computer and encrypting the files on its hard drive – a message then demands payment in order to decrypt the files. If a large majority of businesses are willing to pay a ransom, perhaps many lack the disaster recovery procedures to mitigate the risk of such attacks.
- Former employees
A surprisingly high number of former employees appear to be willing to steal data from the company that they used to work for. A recent study suggested that around 25 per cent of employees will steal data when they leave a business or organisation. You might assume that you can trust the people who have worked for you but when there are financial rewards for stealing data, previously honest employees can be tempted into committing this sort of crime.
So what can you do to keep your data safe when people leave your company? Firstly, it is important to implement policies that make it as difficult as possible for employees to gain access to sensitive data. Restrict access to data to as few employees as you can – provide workers with access only to the information they need to do their job.
You should also ensure that you carry out a thorough off-boarding when employees leave. Ensure that accounts with access to your internal systems are disabled. Also keep a close eye on employees that are leaving and monitor their activity on your systems.