Bad habits of employees are significant cyber security risk

20 June 2016

Employees’ bad habits are leaving their employers’ cyber doors wide open to attack, according to a new study. Improving awareness through communication and training, as well as implementing a range of controls to monitor behaviour, is key.

Cyber security has in recent years grown into one of the chief concerns of business leaders. The growing attention the topic is receiving in boardrooms follows from the scale and impact it is having on businesses across the globe. One study by the Center for Strategic and International Studies, a Washington DC policy research group, and McAfee, a technology security firm, puts the annual cost of cybercrime to the world economy at more than $400 billion, although the researchers say nothing about the wider impact on business reputations and personal lives. According to Gartner, there are over 500,000 cyber-attacks globally every day, and, more worryingly, the firm believes that the convergence of a range of large technology trends will continue to extend the scale and reach of cybercrime.

For organisations, mitigating the impacts of cybercrime has become serious business, and, as a result, spending on ramping up defences along cyber frontiers is taking off. One analyst firm estimates that cyber spending will hit $86 billion this year, aimed for the most part at technical skills and building an active cyber-defense stance. However, a new report released by Norrie Johnston Recruitment (NJR), a Winchester-based executive search and interim management company, shows that while most of the attention goes to thwarting e-criminals from doing their crooked job, arguably just as much attention should go into educating a company’s own employees. 

Question One: Which of the following have you experienced in the past 12 months?

The research found that staff pose a significant risk to their employer’s cyber security. Just over 50% of employees surveyed have experienced some kind of scam in the past 12 months, ranging from a fake email from Paypal, Apple or a bank (29%) to a Facebook scam (12%) to clicking a link that put a virus on a PC (7%). A further 17% of respondents have received scam emails that looked like they were sent by a friend, and 16% have been telephoned by someone about a ‘problem’ with their PC. “It appears that people are bombarded by potential cyber threats in their private lives, and are quite savvy about how to avoid them. Yet when it comes to a work situation they don’t realise that they still need to be security aware. As a result, they are making their employers vulnerable to attack,” comments Graham Oates, Chief Executive of Norrie Johnston Recruitment.

In addition, employees, in many cases due to a lack of awareness about security, tend to display a range of bad habits that are inadvertently leaving companies’ cyber doors wide open to attack. For instance, 23% of employees use the same password for different work applications, while 17% write down their passwords, making their accounts vulnerable to password hacking. Furthermore, 16% work while connected to public Wi-Fi networks and 15% access social media sites on their work PCs.

Question Two: Which of the following have you done?

“The biggest threat could be the one right under your nose – your employees,” states Oates. “There’s a clear need to educate staff about the importance of cyber security best practice and how even actions that we all take for granted, like checking our Facebook page at lunchtime, could provide cyber criminals with a way into a business.”

For firms seeking to ramp up their cyber frontier, Oates concludes with a piece of advice: “Cyber security is no longer the territory of the IT team, it’s the responsibility of everyone. It needs close integration between IT, HR and Security; it needs to be embedded in the culture of the organisation and it needs to be built into the entire employment lifecycle starting with pre-employment screening and on-boarding and induction processes.”

First Consulting helps BDO to build new RPA capability with UiPath

22 March 2019

Global accounting and consulting firm BDO is working on its own digital transformation, as it looks to pioneer the use of Robotic Process Automation in its work. Business consultancy First Consulting is helping BDO with designing the RPA journey and building its internal RPA capability.

Robotic Process Automation describes a process that utilises software programmed to autonomously carry out basic tasks across applications, reducing the burden of repetitive, simple tasks on employees. Able to be developed and deployed in a matter of weeks, RPA is highly cost-effective and can typically demonstrate returns on investment within a few months. It has been known to dramatically improve the speed and accuracy of processing, resulting in a quicker and higher quality of service to customers.

Last year, BDO explored the value of Robotic Process Automation, concluding the technology has the capacity to bolster the firm’s service offerings as well as internal operations. On the back of this analysis, the professional services firm incorporated RPA into its ICT strategy for the coming years. This has already seen the first robot delivered at BDO, which has since been taken into use by the business.

First Consulting is advising BDO on all aspects of deploying and scaling up the technology across the organisation – from capability building, governance structure and processes to architecture and IT infrastructure. The joint team of BDO and First Consulting have, meanwhile, also taken the first steps to set up an internal RPA capability.

BDO faces a key year for its operations, particularly in the UK where it has recently become the fifth largest provider of audit and advisory services in the country. As the firm looks to further grow its junior auditing market lead over the Big Four, the effective deployment of innovations such as RPA could prove key in the coming period.

With RPA on board, BDO’s ICT department aims at increasing the satisfaction of employees by removing a range of often boring (repetitive, administrative) tasks. By automating such tasks, productivity can also be increased at the professional services firm, as its staff will be freed up to spend more time performing value-adding activities. On top of this, RPA can execute tasks and processes with a lower margin of error compared to humans, enhancing BDO’s internal operations.

Working with RPA vendor UiPath during the project at BDO, First Consulting has sought to apply its best practice RPA growth model methodology. The approach differentiates between three growth phases: starting with RPA, structuring RPA, and scaling RPA.

Project results are delivered through an agile approach. According to the engagement partners, the following results were achieved in a period of six weeks:

  • Developed a first robot process that directly creates value for the business and contributes to the 360 degree customer view by migrating information from two systems to another system;
  • Advice and implementation plan on the technical design in relation to RPA, ICT guidelines, a security questionnaire and a basic infrastructure;
  • A roadmap for setting up an internal RPA capability, including the following components: processes & governance, change management and capability building & training;
  • Plan for setting up benefits tracking / monitoring as well as reusability of robot process components.

So far, First Consulting and BDO have enjoyed a pleasant and productive cooperation, achieving “tangible results” along the way. According to First Consulting’s team engaged on the project, the close match between the firms’ norms and values proved a key success factor. In the coming period, First Consulting and BDO are investigating opportunities to develop a digital capability in other areas of BDO’s business.

Roel van Overdam, Head of RPA at First Consulting, said of the collaboration, “Our pragmatic, no-nonsense approach has clearly paid off.”
