Cyber Risk Aware Blog

Will Your Employees Take the Bait?

[fa icon="calendar'] 26-May-2017 09:13:29 / by Stephen Burke posted in CEO Fraud, Phishing, Spear Phishing, security awareness training

Do your employees know enough about phishing? Can they explain what spear phishing is? Do you have a policy in place to help prevent CEO fraud?

If the answer to any of these questions is ‘no’, then you are not alone. Employees remain the weakest link in the battle against cybercrime and are criminals number one target.

Read More [fa icon="long-arrow-right"]

What is CEO Fraud, and How to Prevent It

[fa icon="calendar'] 05-May-2017 08:58:37 / by Stephen Burke posted in CEO Fraud, CyberCrime, Phishing, Social Engineering

 Imagine going away on holiday and returning to find that in your absence your business bank account has been drained. When you ask your accountant, they are mystified - you gave the order for the transfer.

It may sound like the plot of a blockbuster thriller, but it's the scenario that has faced hundreds of business owners whose employees have fallen prey to CEO fraud.

Read More [fa icon="long-arrow-right"]

Phishing; The root of all evil...

[fa icon="calendar'] 14-Feb-2017 06:45:00 / by Stephen Burke posted in CEO Fraud, Phishing, Spear Phishing, Staff Awareness, Phish prone, Ransomware

What exactly is Phishing ?

Read More [fa icon="long-arrow-right"]

Human error: the frontline of enterprise security

[fa icon="calendar'] 05-Nov-2016 00:54:24 / by Stephen Burke posted in Human Error, CEO Fraud, CyberCrime, Risk

It might uncomfortable to admit, but employees are the weakest link in any security fence. Cybercrime is a booming business and hackers will try to compromise an organisation using the easiest route: human error.

Last year, a study from CompTIA showed that 52% of the time, human error is the root cause of security breaches. It's not surprising either: employees lazily glance over security policies, share information with people they shouldn't, haphazardly click on phishing links and in the worst, but rare, cases, intentionally sabotage their company.

Supermarket giant Morrison's knows this only too well. It was a disgruntled former employee that leaked the payroll data of nearly 100,000 of his erstwhile co-workers. The supermarket chain is now being sued by thousands of its employees for failing to protect their data.

More often than that though, employees breach their own security out of the goodness of their own heart. Security policies can be cumbersome, seemingly arbitrary things. Employees that want to do a good job, and do it quickly, will often try to circumvent practices that slow down the workflow. This may involve sharing a document with somebody outside the organisation, or even worse, storing passwords and login credentials in plain text so they don't have to remember the array of different passwords needed to log in to office accounts.

It's not just the rank and file that are vulnerable. The recent threat landscape has shown that CEOs are just as vulnerable to human exploit as anyone else. A 'Whaling attack' is type of CEO fraud which targets executive members of an organisation using researched, personalised emails. Hackers will often trick a company's CFO into handing over fistfuls of cash to someone who seems like an employee, but is actually a cybercriminal.

For a human problem, there isn't necessarily a technical fix. Educating employees will always be the best way to ensure your organisation doesn't fall prey to a breach borne of human error. Employees have to know how to spot a phishing email, who they can and can't share files with and what information they can safely publish online.
Read More [fa icon="long-arrow-right"]