As the deals and potential money savings of Black Friday and Cyber Monday combine with the convenience of online shopping in the run-up to the Christmas holidays, businesses should be worried about more than just workers who are browsing and distracted.
When preparing for potential cyber threats, many businesses think about the systems in place but few consider the human element. Research indicates that about 90% of all cyber claims stemmed from some type of human error or behavior.* Therefore, in the run-up to the holidays, when online purchases made by staff on their work devices will inevitably rise, it is important that businesses are prepared to mitigate a potential increase in cyber threats.
Many organisations believe that because they have a firewall, an experienced IT team and antivirus protection, they will not be targeted. This simply isn’t the case. Cyber criminals specialise in focusing on organisational vulnerabilities, including targeting employees via phishing scams or exploiting employee error. It is important to keep all software and hardware up to date, ensure passwords are changed regularly and make sure your workforce is educated on the importance of cyber security.
Awareness of the threat posed by cyber criminals has never been higher, yet many companies are still behind the curve when it comes to understanding the impact even a minor breach can have on the long-term future of their business. In our Autumn 2017 Risk and Confidence survey, the top risk in 6 months’ time was Cyber. This implies that businesses are concerned about Cyber risk and need to do more to train staff to mitigate the rise in cyber risks leading up to and during the holiday period.
Here are some ways your business can manage the chance of being affected by cyber threats:
Culture: Train your staff to resist email phishing scams, social engineering and the exploitation of employee error, and stage an attack to test the effectiveness of this training. Then reinforce best practice behaviour with robust internal controls and regular re-training, and use the DART method.
Make sure your security systems are up to date: make frequent checks to ensure that your web servers and systems are up to date with firewalls and antivirus protection, and ensure passwords are changed regularly.
Unpatched or Unpatchable Devices: Millions of businesses have outdated and vulnerable networks and devices ripe for exploitation. If this is the case in your business, institute a patch management program to ensure that devices and software are kept up to date. Deploy vulnerability management technology to see what is, and isn’t, current. Have a policy in place to take equipment offline if it isn’t updated or patched within a specific timeframe.
Simon Browning, Senior Underwriter - Technology and Cyber Risks
* Willis Towers Watson, 2017 Cyber Risk Survey Report