06/03/2017 12:05 GMT | Updated 07/03/2018 05:12 GMT

Real CEO, Fake CEO: Who Is The Biggest Enterprise Threat?

Meet two threats to business security: the real CEO and the fake CEO.

The real CEO talks a good game about cyber-security.

He or she worries about trends like Bring Your Own Device and Bring Your Own App, also known as Shadow IT.

They know there's a very real threat of malware being brought into a business on a personal device, or business data being lost an employee's private phone or laptop.

But that worry doesn't extend to stopping it happening.

Letting employees use their own phones and apps for work tasks saves spending time and company cash on new IT, right?

Indeed, security procedures and protocols are for the staff ... surely, directors would never be caught out by phishing scams and dodgy links or attachments in emails?

Then again ...

Professor Alan Woodward, a leading cybersecurity expert at Surrey University, U.K., and co-author of a new white paper Hacker-nomics: Introducing the Dark Web says company bosses often have too lax an attitude when it comes to their own behavior and devices.

They're often the "worst culprits", he says.

"I've heard many CEOs complain that they have to have a six-digit PIN and that their phone is auto-wiped if they enter the code wrong three times," says Professor Woodward.

"They particularly hate the phone locking after a short period of inactivity."

Sound familiar? If you're the security lax CEO, it's a good time to think hard about the example you set in the business.

Also think twice about Shadow IT as a neat cost-saving step.

It could well be your worst business strategy.

"We have seen so many problems with apps being infiltrated with malware that it is tantamount to throwing away all of your perimeter security," Professor Woodward adds.

Nevertheless, for some decision-makers having an integrated security solution for mobile devices will seem like an unnecessary expense. Yet, as phishing campaigns like Gooligan show, mobile devices are increasingly seen as the soft underbelly of the commercial targets."

Now let's meet the business leader's alter-ego: the fake CEO.

One of the most successful digital scams of recent is the fraudulent emails that appear to be from the boss.

An email, typically from the CEO, is received by someone in the finance team asking for an urgent transfer of funds.

As the instruction has come from the top, the diligent employee gets it done straight away.

The only problem is, it's a fake.

As soon as the money is transferred, it's moved on, and the initial beneficiary account is closed down.

In recent months the number of victims of CEO phishing fraud has reached epidemic proportions. The FBI has stated that fake CEO scams now account for crime worth $3.1bn with more than 20,000 reported cases in three years.

It's a simple con that preys on employees' efforts to do a good job.

It also highlights just how broken email is as a business communication tool.

Now the cybercriminals are looking to target Shadow IT in the same way.

Shadow IT has the potential undo all your cybersecurity efforts.

With so much at stake and so much already invested in security systems to then allow cybercriminals a way into the organization that's completely beyond the IT department's control is the business equivalent of shooting yourself in the foot.

Make sure you take back control of group collaboration and messaging before it's too late. Move to a centrally managed platform that has enterprise-class security built-in.

Change starts at the top.

Like it or not any CEO who does not take the security of Shadow IT seriously is as much of a problem as the fake one.

The full white paper is available to download free of charge here: Hacker-nomics: Introducing the Dark Web.