Despite the majority of people being worried about the amount of personal data held online, a significant proportion are still prepared to share information with people they do not know

Cyber risk

Almost a third (32%) of people wouldn’t hesitate to send their password, bank account number or mother’s maiden name via email or a social networking website, according to a new survey.

Whilst startling, the results prove a real challenge not only to consumer protection groups but also to businesses. 

Cybercriminals are frequently looking for bigger and more profitable targets, and an unsuspecting  employee who falls victim to cybercrime may inadvertently place the security of your business at risk.

According to the survey by software provider, Faronics, professional networking site LinkedIn received the greatest confidence from participants of the survey after 33% of them admitted accepting connection requests from people they do not know. This compared to just 15% of Facebook users.

At the same time, whilst 46% of respondents were found to have changed their privacy settings on Facebook, that figure compares to just 20% on LinkedIn.

“While the risk of identity theft and other cyber threats is relatively well known, many users still seem to be in complete denial that it could happen to them,” said Bimal Parmar, VP of Marketing at Faronics.

Cybercrime is now a multi-billion dollar industry. In fact, a recent report by Norton claimed that it is currently close to being worth $388bn annually, which is close to the value of global drug trafficking. In the same report it is estimated that the cost of cybercrime to businesses is close to $114bn.

Parmar points out that there is a growing trend for cybercriminals to use social media platforms to gather detailed information about their victims (finding out their friends through Facebook, for example) which can then be used in an attempt to extract high valued data via direct messaging, or to better guarantee successful spear phishing.

Today, ever more reliable junk inboxes combined with the suspicion of opening emails from unknown sources has made this a much less successful technique for cybercriminals. However, if they are in possession of a victim’s contacts (through research on Facebook or LinkedIn) then the success rate of spear phishing can increase dramatically.

“Today, any personal information can be harvested and exploited by a determined cybercriminal,” says Parmar. “[B]irthdays, job roles, supplier information, travel plans or details of hobbies – can be used to form a convincing email that the victim could believe originated from a trusted source.”

Despite the risks, just 24% of UK organisations admit to having specific policies, training and/or safe computing measures in place to prevent an employee from falling victim to spear phishing and other email scams, and a fifth of survey respondents still believe that a good PC security package will solely protect them from fraud.

According to Parmar, companies should carry out application control - whereby ‘control lists’ are used by companies to determine what applications are able to be executed on computers in the workplace - in order to remove the threat of cybercriminals accessing the network: “A layered security strategy that enables administrators to control exactly which executables can and cannot run on each individual workstation provides the ultimate safeguard against the reputational and financial damage that failed security can bring.”