Companies spend billions securing their data electronically; they employ advanced techniques and sophisticated software to guard against spying eyes and have audited processes to secure unauthorised access. Yet this is all to no avail.

The weakest link in all is the human factor who all too often prove not to be very strong.

Recently a Siemens engineer managed to get access to a FTSE 100 financial company for a week, and duped staff into giving out user-ids and passwords and managed to get access to places where confidential data were stored.

It is quite an eye opening example of how easy it is for the wrong people to get access to the right places.

Financial companies should have better trained staff, as they have a lot of information that criminals would like to get access to.

And it is all about better training of the staff and the right processes. For example all should be aware of what they, under no circumstances, should give to others, such as passwords; even if the other person has a very plausible reason to ask for it.

Of course you shouldn’t let your guard down when it comes to electronically protecting your systems from cybercriminals but it isn’t enough.

Today it is more important to improve the training of the staff than adding even more technology and software.

I am not saying that the technology cannot be improved, but the biggest risk today is the human factor.

In 80% of fraud cases against companies the criminals have had help from a person within the organisation.

Clearly the biggest risk is your own employees and not the external criminals. Your security system never gets better than your employees.

Share this: