By Andrea Bell
You trust your employees. You hired them because you identified them as the best candidates to do their job. As more and more business risks emerge, that trust can be tested. Especially by cyber liability risks. A major IT security breach or data loss could be incredibly expensive for your business. Its important that you are aware of the risks and that you bring in the appropriate risk management measures. Because trust alone isn’t always enough to prevent cyber liability risks.
This risk actually relies on the wrong kind of trust. Social engineering used to be about flashing a smile and distracting with chatter while you squeezed information out of a low level employee. These days, social engineering focuses on social media.
Which brings it into the cyber liability arena, and makes it far more dangerous. On social media, people can pretend to be whoever they want, making it easier to deceive. You should engage in regular information sharing and training on social (media) engineering.
The simplest tricks are always the ones that catch you out. Your employees have so many accounts and so many passwords, it can be hard to keep track. This often leads them to reuse the same passwords over and over. Which poses a problem, because not every online sign in system is as secure as yours.
Which means a hacker doesn’t need to get access to your system; they just need to pickup your employee’s info from another source and try their password. Multiple secure passwords may be a pain for staff but they are vital in managing cyber liability risk.
Mobile Data Loss
When you entrust company devices to employees, you rely on them to use them appropriately. That means more than just monitoring their Internet usage. Company devices contain information that is valuable to criminals and potentially costly to businesses. Those devices must be carried securely. Which means, as a business you should consider proving more than just a device, you need to provide cases and other means to protect your data.
Bring Your Own Device
A lot of smaller companies and startups are using a BYOD policy to reduce their IT budgets. Which means they allow employees to use their own equipment to manage company duties. This creates a huge cyber liability risk. Your data may be held online and your network may be secure from outside attack, but you can’t guarantee the security of the devices. As they are personal devices, they are at risk of attack while being used for personal reasons. You need to take great care to protect your network and to create a clear policy around BYOD devices.
This article was written by Andrea Bell and originally published on business2community