The information you hold in your ERP and CRM systems is not only critical to the running of your business but often contains sensitive, personal information about your staff, customers, suppliers and other stakeholders. Information which is a goldmine to cyber-criminals. So, when you are considering which ERP system to use, you might also want to consider what security is provided around the system to protect your most valuable asset, your data.
As business owners and service providers, we focus a lot of care and attention on the way our businesses are run to help increase profits and customer satisfaction. We invest in systems to help us achieve efficiencies and ensure our staff are well trained to improve productivity, effectiveness and customer service. Staff training can often involve; optimising the use of the company’s ERP software or improving employees’ customer service skills as well as development opportunities to improve employees’ skill sets.
Improving the business’ security is often not part of staff training, but more often than not, your staff are the biggest threat to your business’ cyber security. A 2017 cyber risk survey produced by the London Financial Times, found that 58% of cyber-attacks are attributable to employee behaviour, such as negligence, accidental disclosure and lost or stolen devices. When they included vulnerabilities that exist due to a talent or skills shortage in cyber security, the percentage attributable to internal human issues is closer to 90%.
This is why training your staff to be aware of the cyber risks that could affect them on a daily basis is crucial to the success of your business. Paul Colwell, Technical Director at OGL Computer’s sister company, CyberGuard Technologies, explains: “Cyber-crime is fast becoming a threat to all businesses, not just large institutions. That’s why CyberGuard was set up to help typical UK businesses, of all sizes, move from a reactive to proactive approach to protecting themselves.”
According to an ISACA (an international, independent IT governing body) survey published last year, more than three quarters (76%) of UK office workers didn’t know what ransomware was and 36% can’t define a phishing attack. The study also highlighted that half of UK office workers feel that employees are provided with no cyber security awareness training at all and 1 in 5 confirmed they had been victim of a phishing attack.
Your staff need to be aware of the dangers they could potentially impose. Your business’ security depends on it. With this in mind, we have highlighted 4 key areas where your staff can compromise your company…
Weak passwords
We’ll start off with an obvious one. Having a weak password is inexcusable and a key area where hackers can obtain crucial business data on your employees’ devices. CyberGuard has developed a machine that can guess passwords at an amazing 30 billion combinations per second. So, if you thought an 8-character password was strong, think again. According to a recent survey, on average 2 out of 5 people have had their password stolen and 7 out of 10 people no longer trust passwords to protect their accounts. Simply educating employees on how to use strong passwords can instantly improve your security.
Phishing emails
We’ve all been there; hovered over an email attachment, not knowing whether to open it or not. Unfortunately, it’s that easy to fall victim to cyber-crime. How can you detect if that attachment contains a hidden malicious script or downloads an encryption key from outside your network? There are tell-tale signs on how to spot phishing emails, whether that’s by looking at the email address, or spotting spelling mistakes within the email. Having your staff trained to spot common traits in emails can drastically reduce the risk of your business getting attacked.
Not installing relevant updates
Software updates and patches exist to fix vulnerabilities. If your staff are continuously clicking ‘remind me later’ on update alerts, it can seriously put your security at risk by prolonging the patches. It’s imperative staff keep their systems updated to help stop hackers exploiting security weaknesses. In fact, with business devices patched and updated you are less likely to be affected by a cyber-attack as around 70% of cyber-attacks exploit known vulnerabilities. Un-patched software is also a magnet for malware.
Social Media
Social media plays a huge part in our business life. Whether that’s looking for a business opportunity or contact on LinkedIn or recruiting on Facebook. It’s an easier, more engaging platform to communicate. However, the same can be said about cyber-attackers. Social media is a hotbed for hackers to socially engineer your staff on clicking on certain ‘fake’ profiles or unsecure URLs using clickbait. Once clicked on this domain, staff can leave your defences vulnerable to malware or ransomware attacks.
OGL Computer can provide your business with a long-term business software solution that is proven to reduce costs and increase efficiency. But OGL can also provide you with the very best in IT security, with the help of its specialist cyber division, to help protect your business from the potential devastation of a cyber-attack ensuring your company is, and continues to be, performing at its best.