Why your people can be your biggest cyber-security weakness

Companies can invest significant resource into cyber-security but often overlook the risks their staff represent.

Attacks have increased during lockdown as hackers seek out weaknesses created by the immediate shift to working from home for millions of people.

Cyber experts taking part in a webinar hosted by TheBusinessDesk.com explained why people can be the biggest problem in ensuring IT systems stay secure.

Henry Doyle, director at Leeds-based IT security and storage specialists Altinet, said: “Companies are already spending money on cyber security technology and they have done for the last two generations and will continue to do so.

“What we’ve seen companies aren’t willing to invest in – or haven’t been in the past – is their staff.

“90% of cyber threats now come via email then we’ve got to be training the front line. If we train the staff, fewer threats are going to get through to the technology, which acts as the last line of defence.”

This is particularly important right now as businesses face more threats since the disruption caused by Covid-19 began.

Boxphish is a Leeds-based business which simulates phishing attacks and trains workforces on how to stay safe.

Its vice-president of sales and operations, Nick Deacon Elliot, said: “There has been an enormous increase in the volume of threats in the last couple of months, particularly people who’ve been targeted at an inbox level, which is up 500%.

“How do we deal with the kind of spike in volume? Then, how do we show people what good looks like?”

Another key aspect of data security is keeping control of where information is being held. EY director for digital, Sarah Tulip, said companies need to think about where its data currently is.

“There are probably a lot of laptops all over the UK that normally would be based in an office, somewhere secure, and I don’t know if a lot of businesses got time to encrypt all those laptops,” she said.

“Although we’re thinking about hosting in the cloud and all our data being in one place, actually is our data spread all over the UK people’s homes and are we at more risk than ever?”

Graham Peck, data security manager at Leeds United, warned of the dangers of people copying information and storing it elsewhere.

“It is what I classify as shadow IT,” he said. “People are copying files to OneDrive, Dropbox and various other places and you end up with a shadow IT of your existing system. How do you control it?”