Article 19 November 2021

Are you a negligent insider?

The threat of cyber-attacks increased by over 25% between 2020 and 2021. This is worrying: it highlights the increased risk we’re facing and why it’s important that we are proactive in protecting ourselves and the business, so that we do not become negligent insiders.

What is a negligent insider?

A negligent insider is an employee who does not follow proper IT procedures. For example, someone who leaves their computer without logging out, or an administrator who has not changed a default password or has failed to apply a security patch.

What’s the risk?

Did you know that negligent insiders account for 62% of all cyber security incidents, and that 25% of these are because they have had their credentials stolen?

Accenture, a global IT outsourcing firm, also experienced a ransomware attack where the attackers reportedly stole over 6TB of corporate data and demanded a $50 million payment. This attack was unusual in that it was started by someone who worked within Accenture, which bypassed many of the security systems designed to keep attackers out of the network.

What can I do to reduce the risk?

While we have been working from home, it is easy to forget some of the basic security routines that keep our data safe. As we are now returning to the office on a frequent basis, it is important to remember the following:

  • Always lock your laptop and phone if you are leaving them unattended, even for a short period of time. Not only does this protect you from someone accessing confidential data, but a potential client who could be in the office will see an unlocked device as a sign of poor security.
  • Keep your desk clear of paperwork. Use the recycling bins or the confidential waste bins if it’s no longer needed, and at the end of the day pack the documents away.
  • If you print a document, do not leave it by the printer; you don’t know who else may read the document.

The majority of ransomware attacks come through successful phishing attacks, and we must always be on our guard for emails with links and attachments that we were not expecting. Always pay attention to the warning banner on email. If in doubt, report the email to the information security team or use the ‘report’ button in Outlook.