Why staff members can unwittingly be your biggest cyber threat

12 Feb 2018 Lumina Technologies
staff members biggest cyber threat

In October, a USB memory stick was found on the street and handed in to a tabloid newspaper where it was found to contain unencrypted details of security measures at Heathrow Airport. The data included files marked ‘Confidential’ and ‘Restricted’ which contained details of terrorist threats, information on how to get access to restricted areas, and also the Queen’s travel plans.

The airport has launched an internal inquiry into the incident, but it highlights just how easy it can be to have a massive security breach on your hands.

Possible explanations

  1. The most logical explanation is that, due to the sensitive nature of the data, it was down to the carelessness of a high-level executive. Executives often want to work off-site and think nothing of taking even highly confidential data home to work on. That this person thought it was okay to copy such sensitive data unencrypted onto an unsecured stick is indicative of the airport’s massive failure in security culture.
  2. It could have been a hacker who copied the information onto the stick, then dropped it in the street.
  3. It might have been a member of staff with malicious intent who downloaded the information, then dropped it.

Whichever reason it was, the incident highlights just how vulnerable your data is, and how breaches can so easily affect your business. It also shows that it is not just security systems that need to be protected – every member of your staff needs to understand why it is so important to protect the data.

There are many lessons to be learned. It is clear that Heathrow’s security measures were inadequate. To ensure that your company does not make the same mistake, there are a number of measures you can take to ensure your data is protected, including:

  • Regular disaster testing
  • Staff training
  • Mandatory encryption of all data and removable devices
  • Locking down to approved devices
  • Using security permissions on files to prevent people from copying or printing them

The human factor

Technology is an important tool in data security, but it is not a panacea. Many data breaches are the result of staff carelessness, which is why your company needs to undertake mandatory awareness training, detailing the procedures for all staff at all levels – from the cleaners to the directors.

The regularity these kind of cyber threat news stories prove that, as companies, we are not doing enough. The world is changing and getting more dangerous all the time which means the risks are getter greater. You need to treat data security in the same way as the more ‘traditional’ risks to your company – you use alarms to warn of fire and intruders, and have insurance policies in case of accidental or malicious acts, yet data breaches are much more likely to happen.

Events like this one should be a wake-up call for all businesses – however large or small – to take control of their data or risk potential loss.

Contact us for more information about protecting your company from cyber threats of all types.