The Meetings Show
Emirates Old Trafford
Smart Group - Electric Xmas

Employees pose significant risk to company cyber security

Only 1 in 4 businesses test their cyber security devices

Staff are a significant risk to their employer’s cyber security, according to new research by specialist global executive search and interim management company Norrie Johnston Recruitment (NJR).

The research, which forms part of NJR’s cyber security report titled How real is the threat and how can you reduce your risk shows that 23% of employees use the same password for different work applications and 17% write down their passwords, while 16% work while connected to public wifi networks and 15% access social media sites on their work PCs. Such bad habits and a lack of awareness about security mean that employees are inadvertently leaving companies’ cyber doors wide open to attack.

It’s not that people are unaware of the cyber threat. The research also shows that in their personal lives just over 50% have experienced a cyber scam in the last 12 months. 29% have received a fake email from PayPal, Apple, or a bank, 12% have been targeted by a Facebook scam and 7% have clicked a link that put a virus on a PC. A further 17% of respondents have received scam emails that looked like they were sent by a friend and 16% have been telephoned by someone about a ‘problem’ with their PC.

Graham Oates, Chief Executive of Norrie Johnston Recruitment comments: “It appears that people are bombarded by potential cyber threats in their private lives and are quite savvy about how to avoid them. Yet when it comes to a work situation they don’t realise that they still need to be aware of cyber security. As a result, they are making their employers vulnerable to attack.”

In response to this increasing ‘insider threat’, Norrie Johnston Recruitment has brought together a collection of cyber security insights and advice from 15 experts in the field.

But, as contributor Benny Czarny of OPSWAT comments, “The good news is that most data breaches can be prevented by taking a common-sense approach, coupled with some key IT security adjustments.” He goes on to set out 10 tips for avoiding a cyber attack from ensuring employees are properly educated about the necessity for good security to the importance of storing sensitive data in different locations.

Another contributor to the report, Simon Heron of Redscan, suggests employing “a team of ethical hackers to attempt to breach a company’s cyber defences and test the incident response processes” as a powerful way to understand where vulnerabilities lie and the associated risks.

Other contributors provide practical tips on how to manage the immediate aftermath of a cyber breach and examine the differing impacts an attack can have on various industries and sectors, including retailers and financial service providers.

Graham Oates continues: “There is no doubt that cyber security is a hot topic and businesses are fast waking up to the need to protect their cyber presence. But as our research shows, the biggest threat could be the one right under your nose – your employees.

“There’s a clear need to educate staff about the importance of cyber security best practice and how even actions that we all take for granted – like checking our Facebook page at lunchtime – could provide cyber criminals with a way into a business. Cyber security is no longer the territory of the IT team, it’s the responsibility of everyone.”

To view and download the full report, visit