We have recently seen two significant cyber attacks on big businesses hitting the news, and these are just the ones we know about. The ability for hackers to gain access to systems through technical means is not to be underestimated, and specialists work tirelessly to build and maintain secure systems that are now integral to our business and personal lives.
What is often forgotten is the vulnerability of the very people who use and operate these systems, who by definition are often the easiest way for a hacker to secure the information they need to profit from their activity. People are the biggest weakness when it comes to cyber security and how many of us are regularly trained and updated on methods and the importance of protecting information?
Data security is vital to the success of your business, yet working practices in many organisations still demonstrate a lack of awareness and understanding:
How many of us have seen the ‘Post-it note’ approach to ensuring we don’t forget that important password stuck to the very computer terminal holding all the company data?
How many of us really understand the capability of hackers to contact our call centres and encourage our staff to release that extra bit of customer information?
There is no complete solution to this and we must all work on the basis that we will at one point or another be subject to a cyber attack, this is just a reality of the world we now live in and the risk versus reward for those who engage in this activity. To protect ourselves both personally and professionally, we must ensure that our organisations remain up to date and strong in terms of technical resilience, but just as important is ensuring our people are aware of the types of methods used by hackers to illicit information and build the resources for an attack.
We must have strong control measures in place for passwords and other access information and ensure our staff fully appreciate the potential impact if we get this wrong, but equally we must ensure our people understand the many other methods used, some of which are incredibly clever. The damage caused can be fatal for a business with complete loss of confidence from your hard earned customer base.
Chris Regan AMBCI is the Director of Blue Rock Risk Limited, a specialist crisis and risk management consultancy which runs a programme called Cyber Aware that focuses completely on the people side of cyber security. Chris works with both private and public sector clients to help them plan, prepare and respond effectively to a wide range of crisis and risk issues. Chris can be contacted by email at firstname.lastname@example.org or by telephone 0117 2440154.