By Carole O’Brien
Throughout the global pandemic, there has been a shift to remote and hybrid work, forcing companies to alter the way they operate practically overnight. With very little warning, there was extremely limited time to prepare, and where most organisations saw crisis, cybercriminals saw opportunity.
It is reported that cyberattacks increased by 65% from when lockdown was announced, and there has been little decline since. One scary statistic from a recent report showed that 300,000 new pieces of malware are created daily, so our systems are certainly up against it. Having the right security measures across networks and devices is essential.
However, there is another element that is just as important in tightening the net on cybercriminals: the end user.
Over 90% (ICO) of all data breaches in 2020 were due to human error, a staggering statistic. On the positive side, something can be done to significantly reduce these numbers, at little time and cost, with just some advice, thought, planning and implementation.
So, where are the risks, and what can you do about them, now?
- Phishing emails or texts
- Using public Wi-Fi without encryption
- Sharing devices (even with family and friends)
- Weak or repeated passwords (including not changing them regularly)
- Not updating software on devices
- Physical loss of devices
- Using personal devices for work
- Spam emails or texts
- Downloading from untrusted websites
When you read through the list, it may be hard to believe that people can get caught out by these risks, but fraudsters are extremely clever in their tactics and have developed exceptional methods of engagement. When something is not at the forefront of your mind, it is so easy to slip up. Only last week, I personally heard of a business that had been compromised by sending a secondary email with a change of bank details for an invoice; in just a few seconds, thousands were lost.
Another recent example involved new employees who had never met their employers. Receiving a message to buy vouchers, seemingly from the boss, led to untraceable cash disappearing. Everyone can be a click away from being compromised, and although these stories are sad, the real problem comes when your data is stolen: the cost, both financial and reputational, can be immense.
Now some positive news! To reduce the chance of your end users being caught out, the main defence is awareness, training and focus. Evidence shows that an end-user training programme that is regular (monthly has optimum effect), informative and engaging has a major positive impact on reducing human error. Creating a training programme that delivers smaller amounts of information on a regular basis will minimise effort, reduce end-user training fatigue and improve content retention.
The fast evolution of the cybersecurity landscape requires security training and awareness programmes to be frequently updated and improved, with reporting and evaluation systems to enable an agile training methodology. By presenting security as a personal and individualised issue, you can make this new personal focus a driver for your organisational security awareness. Teaching end users how to recognise current cyberattacks before they fall victim will turn them into active barriers against data and financial loss.
Training and awareness can come in many forms, but a strategy that encompasses several methods, such as short meetings, monthly emails and end-user quizzes, will engage an end user more than a yearly full-day or half-day training session. Just one example of an email that could be sent out is about passwords, showing how small changes to the format can have a huge impact on the chance of being hacked – see image below.
Keeping security personal, current and in people’s minds is as vital as any network security protocols you have in place. You are only as strong as your weakest link; strengthening your people will strengthen the whole system.
Where can Auditel help?
We understand the importance of IT security and the difference engaging the end user can make. We are partnered with several providers that can construct a personal training programme for your business. Alternatively, we can assist you in developing your own strategy and provide the bespoke material for you to deliver.
Remember, the cybercriminal never sleeps. They are there waiting for any opportunity, and they will exploit any situation to their advantage, but now is the time to fight back.