In this age of hackers and international gangs, it would be understandable if business people look outward in the battle against cyber-crime and fraud. However, it is crucial for them to also check that their own staff are not unwittingly putting the business at risk. That is the message from Alan Stenhouse, whose Scottish business AST Risk Consultancy & Training Services Ltd draws on expertise developed over a long career advising companies in the financial sector about security.
Alan, an accomplished Senior Risk Management professional, said: “People talk a lot about hackers and shadowy criminal gangs but many businesses are just as much at risk from mistakes by their own employees. “Often without realising it, employees are the biggest vulnerability for a company’s security. Often, their actions make them the allies of malware, ransomware and hackers but they do not even know that they are doing anything wrong.
“For example, many use company devices for their personal browsing but may be careless when it comes to security, which risks highly sensitive company data if they make a mistake and open the door to hackers. “Or you may have an employee who loses their company device or has it stolen which means that sensitive data falls into the wrong hands. “One of the ways to stop this happening is training. Teaching people how to spot security risks will help them keep data more secure.
“Training is not the be-all-and-end-all, though. While training in security protocols can reduce risk, it will never eliminate it completely. All it takes is one mistake for data to become exposed so companies must ensure that they have strategies in place when something does go wrong. “Businesses need to be in a position to detect and respond to threats the moment they happen. The right strategy and tools can deal with the problem resulting in little or no downtime but only if companies detect it in time and know what to do.”
His specialisms include: