Tech-Savvy Employees Can Be Dangerous

Most job advertisements these days cite the importance of computer literacy. From Microsoft Office packages to social media management to coding to graphic design, there is always use for technological skills in business. Although every employer wants a tech-savvy team behind them, there are some cyber crime risks to filling your company with these people. While these skills can be used to boost your business, they can also be used to exploit it, taking advantage of weakened internal IT security and launching cyber attacks from inside.

Here’s a horror story for bosses around the world. A former security officer, Yovan Garcia, has been found guilty of bypassing IT security, hacking his former employer’s systems and conducting a number of cyber crime activities. Firstly, Garcia changed his timesheets to show he worked significantly longer than he did, entitling himself to additional overtime pay. His cyber attacks went further than simple financial rewards, however, and he stole records and details when enabled him to set up a competing business. Garcia was found guilty and ordered to pay back $318,611.70 to his former employer, with additional legal costs potentially added in the future.

It is often far easier to launch these kinds of cyber attacks internally. Garcia managed to get hold of login credentials which enabled him to gain access to the systems. He had not been authorised to do so. However, speculation suggests another employee may have handed them over, intentionally or otherwise. People are automatically more likely to trust their colleagues and not suspect them of being an IT security risk. With the company’s guard down, this environment can be rich pickings for black hat hackers who want to use their skills for cyber crime.

Of course, this is a highly pessimistic view of society and the vast majority of people are not going to set out to maliciously exploit their employers through cyber attacks. However, the fact remains that an increasing number of people have, in theory, the capacity to commit cyber crime. Once you know your way around a computer, you can use your skills in any way your moral compass tells you to. So the question you should ask yourself when you’re hiring new tech-savvy employees is: are they white hat hackers or black hat hackers?

The best way to protect your own company is to heighten every aspect of your IT security. If your software is up-to-date and you have strong firewalls, your weak-points are your employees. Firstly, you need to conduct regular training sessions to ensure every one of them understands the importance of constant vigilance when it comes to cyber crime. Secondly, you need to employ people you trust. High staff turnovers leave your vulnerable. When you must hire new employees, references from previous jobs are essential. Don’t let your guard down and be sure to scrupulously uphold your IT security protocol to ensure you too don’t fall victim to an internal cyber attack.

For more support and advice on this topic, contact Ctrl IT and speak to one of our experts.

_96012299_gettyimages-507473994
IT Security
Advertisements

No More Passwords?

Everyone is sick of remembering passwords. Even with a password manager it’s still a hassle. And when you do follow the rules and change your passwords every few months and use a generator to deliver complex strings of numbers at letters, you could still be hacked. Passwords are the Achilles heel of online security and the weak point cyber criminals just love to target. Now, however, we could be on the verge of waving goodbye to passwords forever as a new form of IT security comes to the foreground: two-step authentication.

Apple has been using ‘Trusted Device’ since iOS9, a comprehensive two-factor authentication system whereby you will be asked via one of your other devices to verify new logins. This works very well for those loyal Apple users who do indeed have something that resembles an orchard clustered on their desks. Google also offers its users the chance to verify account sign-ins by tapping a prompt sent to your phone. You can also set these devices as ‘trusted’ and negate the need to repeatedly accept the prompts. Now, just a little behind, Microsoft have joined in with this new form of IT security.

Microsoft Authentication is an app now available for Android and Apple. Windows Phone users will have to wait as Microsoft aren’t willing to sink money into a development for only 5% of the world’s population of smartphone owners. However, if the app is successful on Android and iOS devices, a Windows app will be developed. Microsoft Authentication allows users to verify logins via their phone in a two-factor authentication style, one of the best types of online security. The app notifies the phone holder of a login attempt and you simply need to enter an eight-digit numerical code which is presented on the app. Each code is only valid for 30 seconds, increasing the IT security offered by this app. It operates in much the same way as Apple’s Trusted Device, to be honest, and is a step forward from the initial Microsoft Authentication released in summer 2016 which only allowed for wearers of the Apple Watch or the Samsung Gear to use their fingerprints to unlock their online accounts. The limits have now been lifted!

Of course, there’s one problem with all of these two-step authentication processes. If you lose your smartphone/laptop/device or it falls into the hands of a cyber criminal (because they are tangible beings, don’t forget), then your accounts can all be accessed because the cyber criminals can grant it themselves. If we continue using two-step authentication through mobile devices, then our individual awareness of who has access to our devices must come to the forefront of online security. And don’t let your basic security slack and always use a passcode or have fingerprint recognition enabled.

It is undeniable that online security is becoming a bigger issue and one which these technology giants are developing new techniques for. As more and more data is stored in cloud systems and every aspect of our lives become digitised, IT security needs to step up their game because cyber criminals are stepping up theirs as the potential rewards get greater. Two-step authentication is a move in the right direction and, surely, more will follow.

dreamstime_m_36206735
IT Security

Protect Your Business With Help From IT Security Melbourne Experts

Last year Hewlett Packard sponsored a report on malicious activities online and their impact on businesses. Titled, 2015 Cost of Cyber Crime Study, it was conducted independently by Ponemon Institute and is a very detailed report into to the detrimental effects these attacks can have. If you are running a business it would be worthwhile reading the report and ensure you are suitably protected against potential cyber crime with the assistance of a qualified IT security Melbourne professional.

The study was conducted globally and investigated a range of businesses within the following countries: Germany, Japan, United States, United Kingdom, Russia, Brazil and Australia. Statistics were complied and then separate reports were generated for each country. The United States had the highest total average cost of cyber crime with over $15 million dollars estimated to be lost by the business involved in the study!

In Australia the study found that cyber crime had risen 13%  since the previous year. The 28 organisations taking part had an estimated loss of revenue between $792,932 to $18 million. The average cost being estimated at $4.9 million per year! These are extraordinary figures which highlight the need for your business to be suitably protected. An experienced IT support Melbourne technician can conduct a security audit to see where weaknesses are in your system.

cyber crime cost
Cost of Cyber Crime Annualized Total Cost

Other important findings that the Cost of Cyber Crime Study report found were:

  • Cyber crime costs differ between the size of an organisation. Unfortunately small businesses suffer higher costs per capita than larger businesses.
  • No industry is exempt from cyber crime. Some of the most targeted organisations include energy and utility services, financial sectors, technology industries, media, consumer products and retail stores.
  • Cyber attacks can be very costly to a business is not rectified quickly. Keep in mind the average time to resolve a cyber attack was 31 days. Some malicious attacks may lay dormant to reappear at a later stage, causing more havoc.

To alleviate any worries and be able to focus on running your business successfully and smoothly, leave IT Security Melbourne to the professionals who can close any loopholes in your current system. Don’t let your business become another victim of cyber crime!