IT InfrastructureIT SecurityIT support

IT Security & the User 

By January 20, 2020 April 23rd, 2020 No Comments
it security, security preparedness, it user security, training employees on security

Hackers are incredibly smart, skilled and sneaky. However, the main reason the majority of hackers are able to get into your systems isn’t just down to their skill. Instead, it comes from a company’s lack of internal security; particularly around the user. Here’s what we mean…

Targeting Employees 

Hackers are well aware that users are extremely busy and therefore, a lot less likely to notice them slipping through the firewall. Having a workforce that is constantly running around, moving from one task to another is great, but this may lead to a lack of attention to simple security breaches. These hackers also know that many employees haven’t been given the proper training on what to look out for and what should be deemed as a breach of security. Hackers know that they are less likely to warn upper management of potential threats, especially if they aren’t 100% sure the threat is valid, as they don’t want to be a disturbance. 

How & Where – PICNIC

Hackers will do their research and figure out where the weakest and least secure links are within the organisation. Once they’ve found these weak links in the chains, they’ll shortly have access to all the data they want. They often know that because a company’s employees are not security-minded, they will usually use simple passwords which they reuse for multiple logins. This makes a hacker’s job 10x easier. This is where the phrase PICNIC comes from. It stands for ‘Problem in Chair, Not in Computer’. Essentially, this comes from statistics showing that the majority of security breaches come from an employees lack of training and preparedness rather than the computer. 

Recent Security Breaches 

It is easy for companies to fall into the mindset of, ‘it won’t happen to me’, but unfortunately if you’re not careful, you may be a hacker’s next target. Here are a few examples of high profile companies that have recently suffered a cyberattack: 

Travelex

The popular currency exchange company, ‘Travelex’ suffered a massive security breach where hackers demanded a ransom upwards of 6 million. Travelex hasn’t yet disclosed whether they paid the ransom nor whether any customer data was stolen during the operation,  but their customers are less than happy.  

Lifelabs

In early December 2019, hackers were able to crack 15 million LifeLab accounts where they gained full access to all of those health card numbers and lab results. Similar to the breach of Travelex, customers were extremely unhappy as very private and important information was leaked. 

If, as a company, you store personal consumer data, not only is it your legal obligation to protect this information, but it is in the best interest of your brand reputation. Office 365 is a great tool that keeps your data organised, but most importantly, safe. Things like security breaches bring nothing but distrust and lack of security in the eyes of consumers. So, what can you do to ensure your company is as secure as possible? 

Recommendations

PICNIC shows, the majority of security issues stem from the person rather than their computer. Therefore, the best way to protect against attacks is to ensure all of your employees are thoroughly trained on what to look out for going forward. 

Here are some blogs that detail simple ways to increase your security: 

  1. Spotting an impersonation email  
  2. Multi-Factor Authentication 
  3. Creating a strong password 
  4. Spotting a phishing scam
  5. Deleting browser history
  6. Mobile device security 

We also strongly recommend frequently checking that your protection software is up to date as well as your operating systems. Older versions of software are much easier to be hacked into. Therefore, by not regularly updating your systems you are putting yourself and your consumers at risk. For example, if you are still operating on Windows 7, you’re now without support from Microsoft. This means you’re a lot more susceptible to a breach.

If you have any questions regarding how to best ensure your company’s security, get in touch. We’d be happy to talk you through your options.

If your IT isn't working as well as you want it to, let's talk.

020 7227 9700

Request a meeting