Cyber crime and the consequent need for cyber security is a business risk that’s here to stay. It’s not only a technology arms race, with security patches and protective software racing to keep up with the hackers’ latest tricks; it’s also a fundamentally human problem, in which the weakest link of an untrained or unwary employee can open the gate to disaster.
Managing the risk of cyber crime is as much about managing people as it is about systems and technology. While it’s clearly critical to ensure software is up to date, data backup systems are reliable, firewalls are secure etc., all of this can be brought to nothing by a negligent or malicious employee.
The bogey man of the malicious or disgruntled employee probably gets more nervous attention than is warranted, however. In most instances, the employee ignorantly engaging in risky behaviour is much more common. Examples include clicking on links or opening attachments in emails that look (at a passing glance) to be genuine; clicking on links and ads on dubious websites; using the same password for multiple online accounts; and using public wi-fi with an insufficiently secured mobile device.
Oftentimes these undesirable behaviours are due to a lack of understanding about the organisation’s security policies and processes. Not infrequently, they are due to the absence of such policies and processes, or a failure to regularly and clearly communicate them to personnel.
Developing effective risk management procedures, followed by implementing regular training and education, is key to promoting good security awareness and behaviours that protect an organisation.
Reporting and sharing information with industry partners, suppliers and clients about cyber crime incidents and near misses is also a useful way to minimise the spread of new risks and strengthen security responses.
Please contact QRMC for more information.