Bridging the Gap Between Personal and Business Cyber Security

In this era of hyper-connectivity, the home and workplace combine in ways that increase the threats of cybercrime, particularly here in the South West, where many small businesses and professionals operate in remote and hybrid environments. A recent rise in credential-based threats highlights how individual habits can spread into organisational vulnerabilities. Let’s explore how the line between personal and business online safety can often be blurred, and most importantly, what we can do about it.

The Shared Threat Landscape

There have been two recent events worth noting as examples of how your own everyday activities directly impact your workplace’s cyber resilience:

• Cybercriminals uploading millions of user credentials including email addresses, passwords, and associated URLs to underground forums, likely gathered through malware and not necessarily through direct corporate breaches.

• The hacking of a corporate database leading to bulk exposure of low-level business and contact data, not passwords but enough to fuel phishing and vishing attacks, including social engineering and phone spoofing.

The key takeaway from these incidents is that whether it’s stolen passwords from individual browsers or leaked contact data from compromised corporate systems, cybercriminals will attempt to exploit any data leads that they can find.

Why Regionalised Awareness Matters

Owing to the rural nature of our region, the South West is proud to be home to a plethora of small businesses spanning many industries, professionals working for big city corporations at home, and tight-knit communities in industries such as tourism, creative, and agriculture. This means that the risk of cyber threats can rapidly spread across these networks. An innocent mistake made by a remote employee in Dorset could have catastrophic consequences to a global corporation in London. A trusted local cyber resilience centre must play a key role in providing expert guidance and support to allow the community to stay resilience to such threats.

Best Practices for Harmonising Personal and Business Cyber Security

• Strengthen credentials across the board: Use password managers to assure that personal and business passwords never overlap and always have 2-step verification (2SV) enabled on all accounts.

• Protect against phishing and vishing scams: Be wary of unsolicited calls or emails requesting password resets or sensitive information. If you have team members working from home or in small offices without IT support, incorporate security awareness training into your staff training schedule.

• Monitor personal devices as you would business devices: Install reputable antivirus and anti-malware tools and keep them updated on your personal devices.

• Separate your personal and business data: Working from home, it can be easy to use the same devices for both work and personal usage. However, we recommend using different browsers and user profiles for work and personal activities. Avoid saving business credentials on a personal device, and vice versa.

What Does this Mean for the South West Community?

There are a diverse variety of businesses operating in our region. A freelance designer based on their family farm in Cornwall, a business consultant working in Bristol, or a family-run B&B operating in Devon – they’re all different, but they all embody how personal and business worlds combine here in the South West. Each can be targeted individually by cybercriminals, but such breaches can easily impact the wider network of the companies they are employed by and the systems they use.

Luckily, the South West Cyber Resilience Centre is here to help. Our support can be tailored to your business size and industry, and most importantly, it is fully funded for our members. We work closely with the region’s Cyber Protect Officers and Cyber PATH students to offer the following support:

• Local community outreach providing advice to businesses and individuals on the most common cyber threats and how to mitigate the risks of them.

• Cyber incident support for businesses of all sizes and operating in all sectors to help you recover from an attack as quickly as possible.

• Monthly updates on all the latest emerging cyber threats and how to prepare for them.

It’s clear from recent cyber incidents that personal and business boundaries pose a significant risk when they overlap. However, we understand that, especially in our region of the South West, it’s often difficult to keep both elements separate from each other when working remotely or for a small business. The recent surge in credential leaks and phishing threats shows how one simple error in your personal routine can compromise your professional operations and this is why it’s so important to stay vigilant and take the simple yet practical steps to ensure your personal and business credentials do not merge.

With the South West Cyber Resilience Centre as a guide, our community can stay safer, together.