SECURITY
When an employee accidentally opens a social media scam or phishing email, in most situations (after panicking) his or her immediate reaction is to promptly close the link, discard the evidence and breathe a sigh of relief in the hope that the problem has disappeared. Closing the window does not undo anything the link has already done, and deleting the email removes the very evidence an IT or security team would need to work out what happened.
The chances are that some of you have made this mistake on at least one occasion and it may have seemed harmless at the time, but this type of incident can be a business's worst nightmare when it comes to keeping its information secure.
According to the 2015 HM Government Information Security Breaches Survey, 50% of the worst data breaches of the previous year were caused by human error, and at least 75% of large organisations suffered a staff-related security breach (up from 58% in 2014). These findings suggest that people are currently the biggest threat to business and that, whether their actions are deliberate or unintentional, data breaches involving staff are rising.
So what actually happens when an employee carelessly clicks on an unsafe link? Opening a malicious email link can result in malware being downloaded onto the device, and from there the device and the network it is connected to are exposed to a variety of attacks, from financial loss and data theft to extortion by ransomware (for example, CryptoLocker). In addition, a high proportion of cybercrime is known to involve a rogue insider or an ex-employee.
A recent LogRhythm survey revealed that 86% of UK consumers do not know what spear phishing is, while 40% of those have accidentally shared confidential information by clicking on suspicious links. Despite this, 66% of staff members do not receive any form of cyber security training. The disturbing reality is that employees who are not adequately trained are less likely to recognise a possible security breach or to know how to deal with one. Attackers can exploit this weakness to gain a foothold on the network and, from there, reach far more data than the single compromised machine holds.
Instead of focusing too much attention on the latest software on the market, companies need to be proactive and invest more time in educating their staff about the issue at hand. Employees need to understand that they too have an individual role to play in keeping their company's information secure. Technology alone will not protect a company from an attack, and many cyber threats now evolve faster than the technology used to combat them. It is crucial for organisations to have adequate information security policies and procedures in place, along with a high level of staff awareness training, so that employees recognise suspicious activity and know who to report it to. Building a culture of information security throughout a company will help to reduce the risk of data breaches and minimise their effects on assets and systems.
“THE WORST DATA BREACHES OF LAST YEAR WERE CAUSED BY HUMAN ERROR.”
The HM Government Information Security Breaches Survey also found that organisations with security policies and internal education programmes experience around a third fewer breaches. Furthermore, the study confirmed that ISO 27001, the Information Security Management Systems (ISMS) standard, remains the world's leading standard for security management. It provides a best practice framework for managing and protecting information, built around a risk assessment that identifies the threats to the information that is critical to the business and the controls needed to treat them. Certification to ISO 27001 also helps companies demonstrate that they are meeting their regulatory obligations and that their processes and procedures are good enough to protect the information that is vital to their business.
To help mitigate the risk of internal threats from untrained or unsuspecting employees, ISO 27001:2013 places equal weight on staff competence and awareness and on the role of leadership, requiring management to communicate security policies and responsibilities to all levels of the organisation so that staff are kept informed as policies change.
Increasing numbers of organisations are now demanding evidence that their suppliers and business partners comply with information security management standards, to protect themselves against breaches that originate in their supply chain. ISO 27001:2013 certification demonstrates that a company manages information security in a structured, independently audited way and that it is committed to maintaining it. This gives both current and potential customers confidence that their data is being looked after.
Helen Pullin, Organisational Improvement Manager at Enact (one of the UK's largest specialist conveyancers, which has been certified to ISO 27001 by SGS), said: "Enact has found that ISO 27001 certification has brought many benefits; it has provided a recognised structure for our information security policies and controls, and a formalised approach to identifying improvements and implementing them in a way that employees understand and commit to. But probably the biggest benefit is that it sets us apart from our competitors and gives our clients and referrers reassurance that their customers' data is in safe hands."
Organisations open themselves up to cybercrime if their information is not kept under lock and key. An organisation that experiences a data breach can take months or even years to recover, and some companies never recover at all. Effective technology is a vital defence, but if employers continue to overlook the need for information security management and internal training, then attackers will continue to take advantage of that weakness and the likelihood of a successful attack will increase.
www.sgs.co.uk TOMORROW’S FM | 37