Enforcd RegTech Blog - Regulatory Thinking and News

Held to Ransom – The Hidden Cyber Threat

By The Enforcd Team

Financial organisations are furiously building their defences, but here’s one threat they might not have taken into consideration. What secrets are their employees hiding?

The internet is a wonderful thing. It helps companies do business with one another with just a few clicks of the mouse, it helps friends stay in touch and puts all the world’s knowledge at your fingertips. It also allows people to share an unprecedented number of cat videos. Unfortunately, as we’ve all come to recognise, it can also be a playground for much more illicit desires.

In 2016 Ashley Madison – the adult dating app which helps married people schedule affairs – was hacked, and the names of 30 million cheaters from all over the world were exposed. The fallout was dramatic – marriages were broken up and the hack was also linked to suicides.

If 30 million sounds like a high number, try 412 million. That’s the number of accounts which were compromised in a hack of Adult Friend Finder – another dating site which helps people get up to no good.

A quick glance at a list of internet searches also reveals a darker side to the human psyche than most people would like to admit.

For example, a survey of popular internet searches found that some of the most popular searches were terms which suggested violence, pain or humiliation for the women involved. Shockingly, perhaps, it was women who were more likely to search for these terms than men.

Let’s sit back and think about those numbers for a moment because they are vast. By way of comparison there are only around 64 million people in the UK. True, many of those 400 million profiles will have been duplicated, but these are from just one site. The undeniable truth is that of the people working in your office right now, a high percentage may have secret online lives they might not want you to know about.

A delicate question

The obvious answer to this is – so what? It is none of your business what your employees get up to in their personal lives as long as it’s legal, and few employers want to have that kind of conversation with their workers – partly because it undermines trust between the employer and the employee, but mostly because we’re British and this kind of stuff terrifies us.

Even so, you could potentially be exposed. For all the defences you build into your security systems, your biggest weakness could be your employees. Either by accident or design, they are the most likely sources of data breaches, which is why stories such as the Adult Friend Finder hack should worry managers.

Of the accounts accessed, an alarming number were work addresses, with more than a few coming from inside parliament. A poll found that 59% of people use the same password everywhere – for all their applications and even work systems.

So, if the passwords for their own accounts get hacked, your systems could soon be at risk.

Equally concerning, though, could be the risk of potential blackmail. The easiest way for hackers to gain access to your systems is to persuade your employees to hand over access details. They do this regularly with phishing emails, but another possible avenue is blackmail.

There is a huge amount of information about us online, from our browsing habits to social media activity. If hackers get their hands on information that an employee would rather keep secret, that gives them a lot of leverage.

The problem for employers, though, is about much more than just the security of their systems. They could be held accountable for any data breach. Last year, Morrisons faced action from its staff after an employee, Andrew Skelton, stole data including the salary and bank details of more than 100,000 staff. So, the company could find itself paying out for the malicious actions of one member of staff.

So, what should they do? A firm should not go prying into the lives of its staff, but it can make it clear that any employee would have a way to disclose any such problem in a confidential and non-judgemental way. If that happens, the potential breach is much more likely to be managed to everyone’s satisfaction.

It is a delicate matter, but case law shows the actions of a staff member reflect on the company. So, while it might be difficult, this is one awkward issue managers should not shy away from.