Why are top managers often the targets of cyber criminals?
As top managers of SMEs, we expect and demand access to all data within our company. While we may consider restrictions upon our staff reasonable and sensible, these surely don’t apply to us? Of course, we need them; finance, operations, sales and marketing are the very pillars of our company, and we need access to every document and every record in every area.
I have lost count of the incidents where the source of a virus infection has been the MD’s computer
It is this very access however that makes us prime targets for cyber criminals. To exacerbate the risk, it is our position within the company that makes it difficult for a subordinate or dependent consultant to suggest a limitations upon our access. Our busy schedule dictates that our PCs may not be updated as frequently as others and accommodating support staff frequently reduce the impact of security measures upon their busy boss. We are inevitably the weak link in the chain and have frequently been a key ingredient to the recipe for a compromised network. Our support team have seen the same scenario played out time, and time again. I have lost count of the incidents where the source of a virus infection has been the MD’s computer, and given the access we demand; this is potentially far more impactful and dangerous than an infection elsewhere in the system.
Should we compromise our business’s cyber security for our own ease of access?
It may well be we need access to every document and every record in every system, but in reality; how often do we use it? We may indeed be too busy to allow a daily virus scan on our PC, but how would it be to have all our critical documents on our hard disk encrypted and irrevocably lost? We may indeed need full access to our computer so we can easily install additional software, but if we can easily install so can a virus picked up from a browsed web page. Should we compromise our business’s cyber security for our own ease of access?
As company officers responsible for data security, how does it feel to be the most attractive and probably the most vulnerable target in the organisation?