One morning late last year, an unemployed man was making his way across London, heading to the library to continue his job search. But on the way, he encountered something peculiar: a USB stick, peeking out among the fallen leaves and shining in the morning sun. Not thinking much of it – and perhaps afflicted with a morbid curiosity – he popped the device into his pocket and continued on his way. Once he made it to the library, he connected the USB to a computer to check out its contents. As he clicked around, he realized with a shock that this was a treasure trove of security information for the Heathrow International Airport: 174 folders packed with maps detailing CCTV camera locations, labyrinthine tunnels snaking below the building and even the exact route the Queen takes when she uses the airport.
Understandably worried, the man quickly ejected the device and brought it – for some reason – to local tabloid the Daily Mirror. Today, despite a full-scale security investigation by the airport and the scrutiny of dozens of police and security experts, it’s still unclear just where this extremely sensitive data came from. However, all signs point to the USB drive being dropped by either a hapless employee carrying around a national security concern in their pocket or a less-hapless employee looking to instigate a national security crisis.
Either way, the story hammers home a vital point: whether you’re an international airport hosting more than 70 million travelers each year or a small business with less than $10 million in annual revenue, your biggest security risk isn’t some crack team of hackers – it’s your employees.
Sure, you may chuckle at the idea that any of your employees would actively wish your organization harm. But we’re willing to guess that you probably underestimate the wrath of an employee scorned. Even if you treat your team better than any boss in the world, they are still human – which, of course, means they’re going to make mistakes from time to time. And when considering the cyber security of many SMBs, “time to time” actually means every day, leaving huge openings in your digital barriers. These errors don’t much matter, really – until the day that a hacker turns an eye toward your business and immediately realizes the laughable security gaps your team is leaving for them to exploit.
“Your biggest security risk isn’t some crack team of hackers – it’s your employees.”
The thing about cyber security is that it’s a lot more complicated than most people are willing to admit. Today’s digital landscape is fraught with hazards, a thousand little mistakes to be made at every step, resulting in a million workarounds for cyber criminals to use. Even the most tech-savvy among us probably don’t know everything about cyber security, and very few have as much knowledge as the hackers on the other end of the equation. When you consider the uncertainty and potential miseducation of your employees, many of whom probably know next to nothing about cyber security, you might start to feel a little panicked.
The battle against digital threats can seem like an endless slog – a war that the good guys seem to be losing – but luckily, when it comes to the security of your business, there are ways to batten down the hatches without dropping a ton of cash. For instance, start with your biggest vulnerability: your team. When a new employee joins your organization, they should go through a thorough cyber security training. Their welcome forms should include comprehensive rules about security policies, from using strong passwords to how they should respond to potential phishing attempts. Deviating from these policies should come with serious consequences.
As for your existing employees, train them up! We can help you build a robust education program to get every single member of your organization up to speed on the most imminent cyber security threats. But even then, cyber security isn’t a one-and-done kind of thing; it requires constant vigilance, regular updates on the latest trends and a consistent overall commitment to protecting your livelihood. Without training and follow-up, even the most powerful of cyber security barriers are basically tissue paper, so put some thought into your team in addition to your protections, and you can drastically increase the safety of the business you’ve worked so hard to build.