Many people do their online shopping and ordering at work – with unintended consequences for the business. Some employees do it because it’s easier, while others think it’s safer, believing that big companies have the security to make it safer to do their online shopping at work, rather than doing it at home or on their phone.
What employees don’t know is that they could be compromising their employer’s security, especially if their employer is an SME. Small businesses are often more vulnerable, having less sophisticated cyber security systems than their counterparts from the big end of town.
Many employees subscribe to and log in to a range of websites using their work email. Some of these sites, and their customers’ emails and logins, have been hacked. Compromised email addresses and passwords are the result of data breaches at LinkedIn, Yahoo, Adobe Systems, eBay, Uber and most recently Twitter and Under Armour.
Just last year, the Australian government said 12.5 million Australian email addresses have been published online*. That was just on a single identified server. These emails often find their way to marketplaces on the “Dark Web”.
Recently, I caught up with one of the leading threat intelligence companies in the US. They showed us through some Dark Web monitoring that showed compromised email addresses and passwords available for sale. What we saw was striking. Emails that had been compromised were for sale alongside the password in use at the time.
With an email address and password cyber criminals may be able to quickly work out how to gain access to your business network. At the very least, they are well equipped to launch phishing and/or social engineering campaigns against you, which may result in significant cost to your business.. These cyber criminals can:
It is hard to stop people using their work email for subscriptions and online shopping, but there are steps organisations can take to protect themselves. SME owners and managers need to ensure their employees:
Richard Smith, Co-founder and Director, Edmund Insurance