You’re sitting at your desk getting that report done when an email notification pops up. You have a quick look and you don’t recognise the sender. It asks you to click on a link that looks innocent enough but seems a bit suspicious. And then you’re faced with a decision: do you click on the link?
‘Don’t click on the link’ has been a key message to employees when it comes to preventing cyber attacks and security breaches. With October being Cybersecurity Awareness Month, the human risk factor is being highlighted this year as the key risk in cybersecurity.
Human Error
Human error has been identified as a factor in 90% of all security breaches, so it is vital that staff can recognise a potential phishing scam or hack and know how to respond to it. Strong passwords and systems also need to be in place to secure an organisation. A good password is one that is easy to remember but hard to guess. For example, a good password could be four random words – it is long and hard to crack. Avoid using the obvious, such as your pet’s or children’s names.
The recent SANS Security Awareness Report 2022 stated that, “People have become the primary attack vector for cyber attackers around the world, so humans rather than technology now represent the greatest risk to organizations”.
As cyber attacks continue to become more sophisticated and complex, the report has identified the three top cybersecurity concerns for businesses:
- Phishing – sending malicious emails or links designed to target people for access to financial information or sensitive data.
- Business Email Compromise (BEC) – which is similar to phishing, but is a more targeted attack focused towards a company’s accounts department with emails either about payment or a change in payment details.
- Ransomware – which is demanding a ransom to gain access. Most of these attacks start with phishing or bypassing a weak password, both of which involve people, and they quickly become highly public as the business has to notify customers or the local authority.
The report also said that the Covid pandemic had “created a far more distracted and overwhelmed workforce but has also created an environment where human-based cyber attacks have become more frequent and effective”. It highlighted the three top challenges faced by companies when it comes to managing cybersecurity as:
- Lack of time for program management
- Lack of staffing
- Limits on training time per employee
A Strong Solution
While the human risk factor has been highlighted as the weakest link, people can also provide the strongest solution. If cybercrime training and awareness are implemented and continually updated as trends in cybercrime change, companies can provide their staff with the tools they need to prevent security attacks.
Steps to take include:
- Strong passwords
- Regular online safety training so staff recognise and report phishing attempts
- Multi-factor authentication
- Keeping software updated.
Edtesa Secure has the resources and tools to assist your organisation to become cybersecure. These include:
- Edtesa Cyber Security Training to engage staff and raise cybersecurity awareness, as well as a dashboard giving access to real-time information on staff’s understanding of cybersecurity threats to the organisation;
- Edtesa Cybersecurity Software to protect and secure your organisation’s systems and devices;
- Data Protection Officer service with help from experts to ensure GDPR compliance and protect your organisation’s data.