Ensuring staff vigilance is key to security and tackling fraud

In this age of hackers and international gangs, it would be understandable if business people looked outward in the battle against cyber-crime and fraud. However, it is crucial for them to also check that their own staff are not unwittingly putting the business at risk. That is the message from Alan Stenhouse, whose Scottish business AST Risk Consultancy & Training Services Ltd draws on expertise developed over a long career advising companies in the financial sector about security.

Alan, an accomplished Senior Risk Management professional, said: “People talk a lot about hackers and shadowy criminal gangs but many businesses are just as much at risk from mistakes by their own employees.

“Often without realising it, employees are the biggest vulnerability for a company’s security. Often, their actions make them the allies of malware, ransomware and hackers but they do not even know that they are doing anything wrong.

“For example, many use company devices for their personal browsing but may be careless when it comes to security, which risks highly sensitive company data if they make a mistake and open the door to hackers.

“Or you may have an employee who loses their company device or has it stolen which means that sensitive data falls into the wrong hands.

“One of the ways to stop this happening is training. Teaching people how to spot security risks will help them keep data more secure.

“Training is not the be-all-and-end-all, though. While training in security protocols can reduce risk, it will never eliminate it completely. All it takes is one mistake for data to become exposed so companies must ensure that they have strategies in place when something does go wrong.

“Businesses need to be in a position to detect and respond to threats the moment they happen. The right strategy and tools can deal with the problem resulting in little or no downtime but only if companies detect it in time and know what to do.”

His specialisms include:

  • Helping senior managers to understand the risks to their business and accept where improvements are required
  • Delivering training to instill a culture of risk and security awareness thereby ensuring measures implemented are understood, sustained and embedded
  • Advising on the safety and control of critical assets, data and records, addressing business vulnerability and the inability to respond to internal or external attack
  • Chairing Gold-level Crisis and Incident Management meetings and overseeing continuity planning, testing and recovery strategies
  • Building, leading and motivating teams to achieve greater performance, skilled in mentoring and coaching, an advocate for professional development.