Why Your Number One Cybersecurity Risk Is Still Human Error

Successful cyberattacks are, sadly, still all too common. We deal with plenty each year and, in our experience, the vast majority are caused by one thing: human error.


Staff members can be duped by phishing scams into handing over their login details, giving criminals access to your business. Even system administrators can cause cyber incidents by disabling security controls or misconfiguring systems, leaving your firm easy prey for cyber scammers.

These fraudsters also have their eye on your remote workers. They know that working from home leads many people to let their guard down on security. So criminals can expect better success rates from their trick text messages (smishing), phishing emails, or phone calls from impersonators (vishing). Each of these lets them gather information about your firm, including login details, and use it to breach your cyber defences.

So how can you protect your firm from damaging cyberattacks? Of course, upgrading your security technology will help, but it’s not enough on its own. What’s required is a layered approach to mitigate the impact of human error. Below, we look at four ways you can change your approach to boost your cyber defences:

1. Ensure your people know your security policies and procedures

Your staff need to be aware of what is and what isn’t allowed when it comes to online activity, so you should ensure your policies are clearly stated. A blanket ban on non-work-based internet activity seldom provides the answer. But your people need to know the risks created when they, for example, use a company computer to access personal internet accounts, or read work emails on a personal mobile phone that your IT team does not manage. If this kind of activity is commonplace at your firm, we recommend you take action to limit it.

2. Make the most of your technology

With your policies clearly stated, you can then use your technology to support them. All the software and systems your firm uses have features that can be deployed to reduce the risk of a successful cyber attack. It’s important to have an expert configure these centrally, for example endpoint protection and browser security settings, and the way laptops connect to your network and to each other, rather than leaving it to individual staff members.

3. Train your people to be more alert

Many businesses send all-staff emails reminding them to watch out for scam emails and other cyber trickery. These messages are usually sent in the aftermath of a cyber incident, when it is too late. We recommend taking a more proactive approach to educating your people on the cyber dangers to look out for. A proper cyber awareness programme featuring training, testing, simulations, and more frequent and targeted communications can all be used. In the simulated attacks we have run, we usually find that up to a quarter of staff will fall foul of them. But using the above methods can address this.
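Concretely, the tells such a programme teaches staff to look for (a display name that claims a brand the sender address does not belong to, a look-alike sender domain, link text that shows one address while the link goes elsewhere, urgent language, and a request for credentials) can be written down as checks. The script below is an added example, not tooling from this post or its author; the trusted-domain list, keyword lists, scoring thresholds and both sample messages are constructed for illustration, and the look-alike heuristic is deliberately simple.

```python
"""Phishing-indicator checker: an added illustration of the tells an awareness
programme teaches staff to spot. The trusted-domain list, keyword lists and
both sample messages are constructed for this example, not real mail."""
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domains this hypothetical firm and its bank genuinely send mail from.
TRUSTED_DOMAINS = {"example-firm.co.uk", "bank-example.com"}
URGENCY_TERMS = ("urgent", "immediately", "suspended", "within 24 hours")
CREDENTIAL_TERMS = ("password", "login details", "sign in to confirm")


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def skeleton(domain):
    """Collapse look-alike substitutions (rn->m, 1->l, 0->o, dropped hyphens)
    so an imitation domain reduces to the same string as the genuine one.
    Deliberately lossy: only used to answer 'does this imitate a trusted domain'."""
    d = domain.lower().replace("rn", "m").replace("vv", "w")
    d = d.translate(str.maketrans("01357", "olest"))
    return re.sub(r"[^a-z.]", "", d)


def host_of(url):
    """Hostname of a URL or bare domain, lower-cased."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def assess(message):
    """Return (score, reasons) for a dict with 'from', 'subject', 'body_html'.
    Each distinct tell adds one point."""
    reasons = []
    trusted_skeletons = {skeleton(t): t for t in TRUSTED_DOMAINS}
    name, addr = parseaddr(message["from"])
    sender = addr.rpartition("@")[2].lower()

    # 1. Display name claims a brand the sender domain does not belong to.
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0].replace("-", " ")
        if brand in name.lower() and sender != trusted:
            reasons.append(f"display name claims '{brand}' but sender is {sender}")

    # 2. Sender domain is a look-alike of one we trust.
    genuine = trusted_skeletons.get(skeleton(sender))
    if genuine and sender != genuine:
        reasons.append(f"sender domain {sender} imitates {genuine}")

    # 3. Link text shows one address while the href goes somewhere else.
    collector = _LinkCollector()
    collector.feed(message["body_html"])
    for href, text in collector.links:
        if re.match(r"^(https?://)?[\w.-]+\.[a-z]{2,}", text, re.I) and host_of(text) != host_of(href):
            reasons.append(f"link text shows {host_of(text)} but points to {host_of(href)}")

    # 4 and 5. Pressure and credential requests in the wording.
    words = (message["subject"] + " " + re.sub(r"<[^>]+>", " ", message["body_html"])).lower()
    hits = [t for t in URGENCY_TERMS if t in words]
    if hits:
        reasons.append("urgent language: " + ", ".join(hits))
    hits = [t for t in CREDENTIAL_TERMS if t in words]
    if hits:
        reasons.append("asks for credentials: " + ", ".join(hits))
    return len(reasons), reasons


def verdict(message):
    """Two or more tells: report it. One: pause and check. None: no obvious tells."""
    score, _ = assess(message)
    return "report to IT" if score >= 2 else "pause and check" if score else "no obvious tells"


# Constructed sample messages (not real mail).
GENUINE = {
    "from": "IT Support <helpdesk@example-firm.co.uk>",
    "subject": "Quarterly awareness training is now open",
    "body_html": 'Please complete the module at <a href="https://training.example-firm.co.uk/">'
                 'https://training.example-firm.co.uk/</a> by the end of the month.',
}
PHISH = {
    "from": "Bank Example Security <alerts@bank-exarnple.com>",
    "subject": "URGENT: your account will be suspended",
    "body_html": 'Sign in to confirm your password within 24 hours: '
                 '<a href="http://bank-example.com.verify-login.net/">https://bank-example.com/secure</a>',
}

if __name__ == "__main__":
    for label, msg in (("genuine", GENUINE), ("phish", PHISH)):
        score, reasons = assess(msg)
        print(f"{label}: {verdict(msg)} ({score} tells)")
        for reason in reasons:
            print("  -", reason)
```

The point of running it on both samples is that the genuine reminder scores zero while the imitation scores on every check at once; in practice a single tell (especially a mismatched link or a credential request) is enough for a staff member to stop and report, which is the behaviour the simulations measure.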

4. Ensure compliance

It’s all very well implementing cyber security measures and training your staff; ensuring the rules are actually followed is another thing entirely. You should have procedures in place that let you check that your staff are working within the prescribed parameters. The configurations and controls you’ve set up on your IT systems should also be reviewed regularly to confirm they still provide the protection you intended.

Beating the cyber criminals is an ongoing challenge every firm faces. You should be aware of the risks you face, as these change as criminals employ ever-more devious and innovative ways to breach your defences. But, by introducing sensible controls such as those we’ve recommended above, you can reduce the number and impact of cyber incidents to an acceptable level.
