Security is becoming ever more important, but the human element often remains one of the most vulnerable points in any company’s security systems. Firewalls can keep out hackers and cyber bots, but the classic cat burglar strategy of looking for the open bathroom window is a digital weak spot too often exploited, at a high financial cost.
Advanced malware and password theft often rely on the things we can’t automate and protect against: the evolutionary flaw of human error. How many times have employees opened an email from an unknown source and clicked on the attachment? Or followed a message from anti-virus software encountered whilst on the internet and opened the door to a breach? These are just two of the most common mistakes the National Crime Agency have detailed.
In 2017 cyber threats are growing. In a recent report on educating employees on cyber security, leaving laptops and mobile devices unattended in vulnerable places was seen as a red carpet for hackers. This is especially so when the golden rule of using the server, and not your device’s hard drive, for sensitive data is not adhered to; it puts a whole business network in a compromised position.
How do you educate employees?
You could start with a ‘don’t use don’t’ command as the first step in creating a psychological firewall. From January to March 2016 the Egress report noted human error accounted for 62% of all data breaches. It might help to encourage employees to think like hackers. Encouraging staff to familiarise themselves with hacking tactics is a good start, helping them to know the risks and the potential negative ‘what if’ scenarios. Smart education on good practice and its effectiveness can spread accountability on a personal level.
2016 was a crystal ball for the sophistication of the threats that await businesses in 2017. Trend Micro noted ransomware is maturing, with a 25% growth in specific cyber-attacks predicted. This includes the infiltration of point-of-sale machines and SMEs. It’s often the case that SMEs have a skills gap, one recently highlighted in the cyber security predictions for 2017, and suffer from a lack of the budget to employ a Chief Information Security Officer. The firewall is often only as good as the architects who create it.
Here’s what you should have in place if you encounter a cyber breach.
1) Employees have been educated about security threats. Provide clear best practice and company policy for online behaviour to avoid human error.
2) You should have a sophisticated IT security policy as part of the on-boarding process. A clearly written plan and awareness of the latest threats allows for swifter understanding of the problems posed by cyber threats and what an employee’s actions should be.
3) Have a clearly available emergency number. Lost your laptop, tablet or mobile device? Something suspicious in your inbox? Given your details on the phone, then had second thoughts about the validity of the call? Have an expert on hand with both a mobile number (your email might be down) and an email address to handle the problem.
4) A PR strategy to manage the worst-case scenarios. This allows businesses to be ready to field any questions while the breach is being addressed.
5) A firewall drill. This will ensure employees have an awareness of what to do if there is, or they suspect, a threat or breach. They will know what to do and who to call.
With 62% of all data breaches caused by human error in the first part of 2016, this is a metric the IT department needs to keep low in its KPIs. Cyber security is a constant battle in an escalating war between white hat and black hat hackers. That said, hackers will always look for the easy wins, so if you can at least take the basic security steps, you will buy yourselves some time and ensure that it might be someone else’s firewalls and data systems that are compromised first.