Families of Executive Team Members are a Weak Link in Your Cybersecurity Armor
The security of any enterprise’s network and systems is only as strong as its weakest link. And for most organizations the weakest link is its people. A staggering 88% of breaches are caused by human error, such as clicking on phishing emails or weak credentials.
But there’s another weak link in the information security chain – the families of corporate executives.
Today, there are no rules or honor among cybercriminals. They have the tools, capabilities, and opportunity to go beyond the four walls of the office, beyond even the executive. They can, will, and do target the family. And that’s a big problem for CISOs.
Let’s Play…The Weakest Link
An executive’s family is the soft underbelly of corporate cybersecurity and easy prey for opportunistic cyber criminals seeking bigger fry – access to the corporate network.
How does it work?
Because of their high-profile positions and status, it’s incredibly easy for the bad guys to find information about executives and their families online and use that data to instigate a hack that flies under the radar of traditional corporate security controls.
Companies love to sprinkle their online executive bios with snippets of personal information such as the names of their spouses and kids. Armed with this information, cyber criminals can dig around further on Facebook to find family connections and augment this information with publicly available information on data broker sites such as family email addresses and phone numbers.
Bingo! They have all the information they need to launch a coordinated phishing campaign against the unsuspecting family. Alternatively, they might send tagged emails to unsuspecting family members to ascertain the IP address on which the email was opened – hoping for the home network – and then exploit it. Gaining access is surprisingly easy. Our research found that one in five home systems are not secure and wide open to attack.
Password sharing is another common vulnerability that is easily exploited. Research shows that 19% of senior managers admitted to giving their passwords to someone in their family compared to only 7% of junior employees. If a bad actor penetrates a family member’s device or application, it’s a good assumption that they can use the same credentials to access an executive’s email or other applications, or gain access to corporate networks.
By this point, the weakest link is exposed, and the consequences are dire. Cybercriminals can take advantage of these vulnerabilities to access any device on the unprotected Wi-Fi network, including executive corporate laptops, tablets, and smartphones. All of which are gateways to the real target, the corporate network.
Such attacks put executives, their families, and the company at risk. But the burden of responsibility for preventing such hacks falls squarely on the shoulders of CISOs – even though they originate outside the corporate perimeter. After all, the only reason the executive and his/her family are on the radar of cyber criminals is because of their public profile and affiliation with that company.
These are worrying developments in the battle against cyberattacks. But what are the options for corporate security teams seeking to address this overlooked weakest link?
Because some of these weaknesses exist on the home front, it’s tough for a company to implement policies or technology solutions that mitigate risk. Security teams can’t protect home networks. And, for legal, privacy, logistical or other concerns, they can’t monitor personal devices of their employees and their families either.
Going Head-to-Head to Protect the Whole Family
So, what is the remedy? First, cybersecurity and privacy solutions must be right sized for executives and their families in their personal lives. Home networks and devices must be hardened with firewalls and endpoint protection. But the experience must be also frictionless and fit in with family life. Kids don’t want onerous rules or controls imposed on their digital lives else they’ll find a way around them, creating further risk exposure.
The key is partnership. Protecting executives and their family requires an expert team and tailored approach for each device, person, and home. Merging advanced technology and 24/7 monitoring with concierge-level support, that doesn’t get in the way of their digital activities or their privacy and gives everyone the peace of mind they need.
Learn more about our cybersecurity & privacy platform with concierge support that protects your company by protecting your executives and their families.