System security can be compromised in many ways. For instance, cybercriminals can use information leaked over the phone or in hard copy to access IT systems.
Without proper training, staff unaware of risks can disclose data or make unauthorised transactions, particularly where phishing is involved. There is a tendency to share passwords in the workplace due to confidence in colleagues and convenience. Insider threat from unhappy staff is also an issue.
Sub-contracting, particularly to cloudbased software services creates risk without proper diligence and contracts in place. These providers are generally unwilling to accept much liability.
Many firms have consciously moved to virtual business solutions for their document management and practice management systems. However, many firms are using the cloud unconsciously – anyone using Dropbox, Gmail, Hotmail or mobile apps is almost certainly using the cloud.
Staff working remotely when travelling or at home are more inclined to make compromises on security by using personal email accounts or insecure connections.
Personal IT equipment is increasingly used for work purposes, especially for the mobile workforce. This is more easily attacked than corporate IT resources. Response and disaster recovery – the consequences of a cybersecurity breach can be magnified without a well thought out response and disaster recovery plan.