Staff are a significant risk to their employer's cyber security, according to new research by specialist global executive search and interim management company Norrie Johnston Recruitment (NJR).
The research, which forms part of NJR's cyber security report: how real is the threat and how can you reduce your risk, shows that 23 per cent of employees use the same password for different work applications and 17 per cent write down their passwords, 16 per cent work while connected to public Wi-Fi networks and 15 per cent access social media sites on their work PCs. Such bad habits and a lack of awareness about security mean that employees are inadvertently leaving companies' cyber doors wide open to attack.
It's not that people are unaware of the cyber threat. The research also shows that in their personal lives just over 50 per cent have experienced a cyber scam in the last twelve months. 29 have received a fake email from PayPal, Apple or a bank, 12 per cent have been targeted by a Facebook scam and 7 per cent have clicked a link that put a virus on a PC. A further 17 per cent of respondents have received scam emails that looked like they were sent by a friend, and 16 per cent have been telephoned by someone about a 'problem' with their PC.
Graham Oates, Chief Executive of Norrie Johnston Recruitment, comments: "It appears that people are bombarded by potential cyber threats in their private lives, and are quite savvy about how to avoid them. Yet when it comes to a work situation they don't realise that they still need to be security aware. As a result, they are making their employers vulnerable to attack."
In response to this increasing 'insider threat', Norrie Johnston Recruitment has brought together a collection of cyber security insights and advice from fifteen experts in the field.
But, as contributor Benny Czarny of OPSWAT comments: "the good news is that most data breaches can be prevented by taking a common sense approach, coupled with some key IT security adjustments." He goes on to set out ten tips for avoiding a cyber attack from ensuring employees are properly educated about the necessity for good security to the importance of storing sensitive data in different locations.
Another contributor to the report, Simon Heron of Redscan, suggests employing "a team of ethical hackers to attempt to breach a company's cyber defences and test the incident response processes" as a powerful way to understand where vulnerabilities lie and the associated risks.
Other contributors provide practical tips on how to manage the immediate aftermath of a cyber breach and examine the differing impacts an attack can have on various industries and sectors including retailers and financial service providers.
Graham Oates again: "There is no doubt that cyber security is a hot topic and businesses are fast waking up to the need to protect their cyber presence. But as our research shows, the biggest threat could be the one right under your nose – your employees.
"There's a clear need to educate staff about the importance of cyber security best practice and how even actions that we all take for granted, like checking our Facebook page at lunchtime, could provide cyber criminals with a way into a business. Cyber security is no longer the territory of the IT team, it's the responsibility of everyone."
He continues: "As a result, in-house cyber experts are in huge demand, the salaries they command are increasing and the competition to attract the best talent in the field is fierce. By working with a focused search firm like Norrie Johnston Recruitment, businesses will greatly increase their chances of hiring the best cyber experts in the market."