How cyber-secure are your staff?

Posted: 16th October 2017

You may have put all your firewalls and spam filters in place and had your cyber security review sorted, and ticked that off your “To do” list, but that is just the start of ensuring that your business is not affected by cybercrime.

The weakest link may not be your IT systems, but your people systems. How many of us click on links that look interesting when browsing or using social media such as Facebook? Clicking on links without thinking where they might take you can become a habit, and one that employees may also carry on at work. If your IT systems are robust, they should prevent access to a dangerous link. But it is a constant battle between the cyber criminals and those who sell security software. The security software is always having to catch up – and who wants to be the first to have their systems infected with a “new” virus? Not me.

Therefore it is really important to train your staff so that they are aware that they should not click on links randomly and that they should always question the origins of emails. It is not always as easy as it seems: what should the HR administrator do when receiving an email with a CV or application form attached? Or a finance clerk receiving emailed invoices? Are they safe to open? Someone who really has a grudge against the company may use those avenues to send fake documents with viruses attached. If in doubt, always check with the originator by phone before opening or downloading the files. Checking for spelling mistakes, unusual grammar and odd email addresses may ring alarm bells. And if you have someone from Nigeria contact you telling you that they have some money that needs moving, delete that message now! Sadly you will also not have won a lottery that you have not entered. If it sounds too good to be true, then it is almost certainly a hoax.

And don’t forget the same principles apply to mobile phones, tablets and other IT equipment – train your employees to be on their guard with those too.

The most unappreciated aspect of cyber-crime is not the intention to infect your systems to demand an eye-watering ransom (although that happens), but the possible intention of stealing company data. It is not unheard of for criminals to monitor staff social media postings to work out details about disaffected employees, and then to use that information to pose as colleagues using fake email addresses and elicit information that should not be shared. Make sure that email addresses and passwords are changed as soon as an employee leaves a company to reduce the risk of harm from former employees, particularly if they had access to the company systems remotely.


The starting point in minimising the “people risk” aspect of fraud is to make sure that you check the references of the staff that you take on – especially those that handle money or credit card data.

You may think that your business is immune and that things like identity theft or cheque fraud happen to other people, but when you see some of the email correspondence that occurs, you will see how easy it can be to be taken in. Our British tendency for politeness makes it difficult for us simply not to respond to emails and therefore makes us good targets. If you don’t believe me, have a look at the Action Fraud website. They estimate that 70% of fraud is cyber-enabled and that men lose on average three times more than women. With an estimated two million cybercrimes committed last year, clearly crime pays. Just don’t let it be you.

If you would like help or assistance with the people aspects of your cyber-security, please get in touch via