Traditionally, businesses have invested in protecting their information, property, brand and people at physical workplaces such as offices and factories.
Over time, this investment extended to nearby work environments such as carparks and surrounding fence lines, gardens and so on.
However, smart criminals, competitors, organised crime syndicates, white-collar criminals and even petty thieves don’t even need to risk entering these physical fortresses and workplaces, they can simply prey upon your business and people, when they travel or are mobile, away from “the office”.
Here are just some of the many ways your business and people are becoming victims…today.
Staff sign up to professional social networks like LinkedIn, using their company email address.
A simple scan can strip every employee’s email address and build a database for social engineering exploitation.
An employee is travelling, they activate an automated “out of office” response.
Using a few other simple data points, “we know you are away, your house is empty or your partner is alone”, is the real message being sent.
Travelling employees are using their “work” computer and devices for personal and private use, taking them to places online and exposing the company to activities rarely considered or endorsed, leaving breadcrumbs to exploit or opening the back door for online access.
Perhaps the company saved money or made it a policy that you have to use your own device.
A BYOD arrangement.
You now have a device or multiple devices accessing select or limited company information, resources and even secrets, using nonprofessional, random, free and unchecked software, passwords and practices.
All these devices can potentially be hacked, lost, accessed and even searched and the entire contents downloaded when entering another country.
When your people turn on their devices, personal or company property, it displays a name or ID via Bluetooth and other wireless networks.
“Here is my name, here is my ID, here is a great way to tell my gender, age, company and even device” in a public forum, is the real message sent.
Working on a new business plan, merger, acquisition or other sensitive projects?
Your people, with company logo, device, bookings, payment, discussions and appearances all just let a select community know exactly what you are doing and where including your own people back at the office who in turn can leak the information.
You access a public wifi network, hotel wifi or airport lounge without knowing the network is fake and sees everything you access, captures information or maybe even installs software without you knowing.
Even worse, the “official” wifi network was compromised long ago and every hotel, airport and router used has already leaked your details and information to criminal groups and syndicates.
These may all seem science fiction or far fetched but they are real case examples from recent events.
It may seem this is all IT and cyber security related, it isn’t.
Let’s go “tech-free” for a bit.
How about the rubbish at home, the hotel or shared office space where you threw away company and personal information?
How about the hotel you checked into and they insisted it was policy to copy the photo page of your passport but in fact they copied every page?
How about when you turn up at a hotel, travel and use services that were selected from a database or chosen from a world away, only to position yourself right in the middle of a high crime and high threat environment?
How about the fact you may be preyed upon according to your age, gender, sexual orientation, hobbies or just because of the shoes you have on are very expensive in this neighbourhood?
How about when you pass through an airport or public transport node and are exposed to the world’s viruses and communicable diseases in a single pass?
How about a series of “cheap” decisions has now put you, your family, your company and your information at risk due to the choices made?
Holistic, enterprise risk management appears that way initially but really it is just a case of expanding your thinking and planning to include all the actual things your people and business are doing today, not what your business did in days gone past.
We can show you how.
Our evidence-based decision making and enterprise security risk management practices are derived from technical, academic and scientific research, refined by practical application.
Intelligent business decisions based on verifiable and analysed research.
Thank you for watching.