Online behaviours are putting corporate data at risk, writes Alvaro Hoyos, Chief Information Security Officer at OneLogin, an identity and access management (IAM) product company.
Be honest, have you ever indulged in adult content in the office? No? Look around you, because recent statistics prove that at least two in five workplaces are witnessing their employees doing exactly that. Gone are the days when an employee’s occasional procrastination simply amounted to twiddling their thumbs and staring blankly out the window. Now our instant access to the Internet has the potential to cause harm to corporate networks.
A new study by OneLogin explored the amount of online freedom that employees are being given and the detrimental impact unrestricted internet access is having on UK businesses. By trusting their staff with free rein over the unpredictable world of the web, many companies are leaving themselves vulnerable and putting their corporate data at risk.
The study surveyed 605 IT professionals and found that 41pc have spotted a high percentage of employees accessing adult content, 45pc have seen a high percentage of employees visiting gaming and gambling websites, and 37pc have noticed phishing website use. This kind of behaviour is not only a colossal waste of UK productivity, but also a cyber-security nightmare that could leave an abundance of confidential files in the wrong hands.
Technology has transformed our lives dramatically over the last 20 years, from how we purchase goods to how we consume media. Never have we had such easy access to a vast, far-reaching world of information and entertainment through the internet. However, for all the benefits that these improvements have gifted us in terms of convenience and quality, they have also revealed some very modern challenges for businesses. People in the UK are spending more time than ever accessing risky materials online and this has inevitably carried over into the workplace. These websites represent a major threat to cyber-security because they are often plagued with downloadable materials and adverts that are embedded with viruses and other harmful malware.
For example, experts have recently warned the millions of Pornhub users to be careful, after it emerged that cyber-criminals were targeting the website with a highly dangerous ‘Kovter malware’ that was cleverly masked through pop-up ads. This use of ‘malvertising’ on legitimate websites has become incredibly popular among hackers, and accessing these materials within the workplace can be catastrophic, leaving company networks far more susceptible to phishing scams and viruses, which can be incredibly costly to remediate.
And there are plenty of examples of this risk becoming a reality. 2017 saw a host of devastating cyber-attacks on major companies such as Deloitte and Equifax, as hackers stole information about thousands of customers. The thought of confidential documents and people’s personal details getting into the wrong hands is a harrowing one, and it’s likely to become a far greater issue in 2018. Companies that allow their staff unrestricted access to the internet are in grave danger of placing their names next on the list of cyber hacking victims.
According to the survey respondents, 67 per cent of businesses neglect to invest in single sign-on (SSO) solutions, and 54pc don’t use a domain name filtering system. To avoid the chaos that hacks create, businesses need to focus their attention on controlling the content that is being accessed via the corporate network and evolve cybersecurity strategies to reflect modern employee needs. SSO solutions, for example, help to keep information secure by using policy-driven password security and multi-factor authentication to ensure that only authorised users have access to sensitive data, while domain name filtering blocks access to potentially dangerous websites based on a business’s specific criteria.
Businesses must prioritise training to educate their employees on the hazardous consequences of high-risk websites and raise awareness of the issue throughout the organisation. With the most common form of successful cyber-attacks arising from phishing emails, businesses must conduct regular employee phishing assessments. This enables businesses to identify who in their organisation is most liable to click on harmful emails, and help those who aren’t as tech-savvy to be aware of what exactly a phishing email is. Yet worryingly, nearly two thirds (62pc) of the study respondents admitted their business fails to conduct employee phishing assessments, and more than a third (36pc) don’t invest in security education.
Despite cyber-security risks being among the main threats facing businesses in 2018, companies are still failing to properly enforce sanctions on internet access in the workplace. So, ensure that your business is implementing these measures to stop high-risk websites being your downfall.