Study Finds an Organisation’s Greatest Security Risk isn’t Who You’d Expect

The more users on your network, the greater the risk that user error will lead to a costly mistake for your infrastructure. While untrained employees could certainly ignore security policies, the greatest risk to your organisation is an unexpected one. Research has proven that your company’s CEO, as well as other C-suite employees, pose one of the greatest risks to your business’s security.

For example, consider just how much sensitive data a CEO has access to. A normal employee may only be able to access information that they directly need for their position, but a CEO’s unique responsibilities require access to just about all data on the infrastructure. In fact, they can access just about anything that they want, which places them at unique risk.

Plus, CEOs usually have a poor work-life balance, putting in far more hours than others within the organisation. A CEO who accesses the company network for 60+ hours a week will naturally be a larger risk than one who only accesses it 40 hours a week.

These factors all become magnified when you consider that CEOs use mobile devices to carry out many of their duties. Since they must always be connected to the office, a CEO’s mobile device may unintentionally become cluttered with company records or sensitive information, certainly more so than a normal employee’s personal device.

In the event that an employee has two separate devices for their work and personal life (something that CEOs often can’t accomplish), data leakage can become a problem, resulting in a breach that could expose data to hackers. While CEOs may get to enjoy the flexibility of not being tethered to the office, this risk is considerable, to say the least.

This is even more of a problem while out of the office on public Wi-Fi connections, like those offered at coffee shops, cafes, conference centres, airports, and pretty much everywhere. Hackers tend to exploit public Wi-Fi hotspots because they know they are often unsecured, and the volume of users on them means a surefire target. This is why most technology professionals will suggest avoiding public Wi-Fi whenever possible unless you’re accessing your infrastructure through a secure virtual private network.

A 2017 security report by iPass reinforces these statements with hard proof that public Wi-Fi hotspots are major problems for business owners and other executives. The riskiest connections are as follows:

  • Coffee shops and cafés, 42 percent.
  • Airports, 30 percent.
  • Hotels, 16 percent.
  • Exhibition centers, 7 percent.
  • Airplanes, 4 percent.

Therefore, you need to ask yourself how often your C-suite employees work outside the security and safety of your in-house network. The more time they spend doing business from these risky locations, the more unnecessary risk you’re exposing your business to.

There are even special attacks designed to target CEOs: whaling scams. These scammers take the time to properly research your business and its upper-level executives in an attempt to pull various stunts, including email scams, phone calls, traditional paper mailings, and plenty of other means. Unlike other spam campaigns, these scams are designed to target the deepest, darkest fears of a CEO. On the other hand, there are scams designed to impersonate the CEO in an attempt to convince other employees to wire transfer funds to offshore banking accounts.

Either way, CEO fraud is a lucrative endeavor for hackers, and you need to prepare for it.

In order to prevent CEOs and other C-suite employees from becoming large risks to your business, you need to implement additional security measures that specifically take these threats into account. Implementing a solid BYOD policy and enterprise-level security solutions can be a great countermeasure.