Online shopping at work could expose businesses to security risks
Employees who spend time shopping at work aren't just affecting the bottom line.
Most business owners know that online shopping at work can affect the bottom line, but one cybersecurity expert says it can also expose a business to security risks.
According to online insurance specialist Edmund, employees who do a lot of online shopping are likely to enter their personal email and passwords into more sites than their non-shopping colleagues would. Small- and medium-sized businesses could be in trouble if any of these passwords fell into the wrong hands and these happened to be the same passwords used to access the businesses network.
“One of the most damaging results of recent high-profile data breaches at LinkedIn, Yahoo, Adobe, eBay, Uber, Twitter and Under Armour was that hundreds of millions of email addresses and passwords were compromised. Recently, I caught up with one of the leading threat intelligence companies in the US who showed us evidence that you can actually buy compromised email addresses and associated passwords on the Dark Web. What we saw was striking," Edmund's co-founder and director Richard Smith said in a statement.
There is a lot of damage cybercriminals can do with the right password. Smith says they can extort the business by using ransomware to lock down the business' network until payment is made or they can steal client data and put it up for sale on the Dark Web.
Even if the compromised passwords don't give them access to your business' systems, they can still try to scam the employee into paying funds into a fraudulent account.
“With an e-mail address and password, cybercriminals may be able to quickly work out how to gain access to your business network. At the very least, they are well equipped to launch phishing and/or social engineering campaigns against you,” Smith said.
Just last year, the Australian government said 12.5 million Australian email addresses have been published online, and that was just on a single identified server.
While the government is implementing its own strategies to combat cybercrime toward businesses, business owners can take their own steps to avoid it. To start with, they can train their employees to practice good password hygiene. This includes practices like using different types of characters in their passwords and changing their passwords often.
Cyber insurance is also an important safeguard against cybercrime. It is a form of business cover that protects businesses from loss due to cybercrime and from lawsuits from customers whose data was stolen during a hack.