Employees’ online shopping at work could cause “significant cost” to SMEs through cyber attacks
Friday, June 15, 2018/
The next high-risk area for businesses when it comes to cybersecurity might not be the threat of losing thousands to malicious hackers or dangerous malware, but instead the ongoing dangers of online shopping at work.
While it might sound ridiculous, cyber insurance firm Edmund has warned small businesses about the risks of business owners or their employees’ online shopping at work, claiming the practice can lead to increased exposure to cyberattacks.
Though we all might say we don’t do it, online shopping at work is increasingly commonplace in Australian businesses. A study from last year showed that one in two Aussies have shopped online during work hours, leading to an estimated $31 billion in lost productivity annually.
Richard Smith, co-founder and director of Edmund, said in a statement many employees may shop online at work due to it being easier, or in some cases, safer than doing it at home. However, a harmless purchase from Amazon could unintentionally lead to many more problems.
“What employees don’t know is that they could be compromising their employer’s security, especially if their employer is a small to medium-sized enterprise (SME),” Smith said.
This is due to many employees using their work emails to login to various websites, with those websites, in turn, being compromised in data breaches. Edmund says that LinkedIn, Yahoo, Adobe Systems, eBay, Uber and recently Twitter and Under Armour are just some of the sites compromised in data breaches.
Those email and password combinations, often sold on the ‘dark web’, can then be used to access company systems, or engage in social engineering – a form of cyberattack where attackers pretend to be members of the organisation to dupe workers into sending funds to fraudulent bank accounts. The Australian government estimated 12.5 million Australian email addresses were published online last year.
“With an e-mail address and password cybercriminals may be able to quickly work out how to gain access to your business network. At the very least, they are well equipped to launch phishing and/or social engineering campaigns against you,” Smith said.
“Any of these may result in significant cost to your business.”
Business owners concerned about their email and passwords being available online can check if they have been included in a data breach via haveibeenpwned.com.
Social engineering campaigns, also known as “Business Email Compromise” (BEC), have been known to wreak havoc on SMEs, with hundreds of cases being reported to the Australian Criminal Intelligence Commission (ACIC) over the past few years.
In August last year, Australia and New Zealand managing director of cybersecurity firm Proofpoint, Tim Bentley, told SmartCompany SME owners should be vigilant when it comes to suspicious emails, as the amounts hackers try to nab can near ruin a business.
“BEC attacks mean huge sums which can undermine a smaller company and significantly rock a larger one. The attackers go for as much as they can, and even tech-savvy companies such as Facebook and Google have been taken for more than $100 million over the last two years,” he said at the time.
“I would take anyone who can pay a bill and put them through some basic training on this. It’s very easy to pretend to be someone else over email.”
“If they’re in any doubt, they should make a phone call or get a second opinion from someone else in the office. Make sure they call via a trusted and saved phone number, not through a number provided on the email address.”
Feel the churn: How to bounce back after losing staff and clients Sue Parker DARE Group founder
Own it: The 10 things you need to do to manage your personal brand Lisa Stephenson Who Am I Projects founder
How to call your team into action with a winning presentation Emma Bannister Presentation Studio founder
The link between diet and mental health — and how to eat your way to wellbeing Kate Save Be Fit Food co-founder
From interactive videos to AI: The five marketing trends that will dominate 2019 Warwick Boulter Collaboro co-founder
Australia is leading the legaltech revolution, but what does this mean for lawyers, firms and clients? Jodie Baker Xakia founder
Why a video news release needs to be part of your PR strategy Leisa Goddard Adoni Media managing director
Want to catch more customers? Here's how to create a super sales funnel Jovana Vujnic Bumper Leads founder