Staff AND Technology – must unite in the fight!

Posted by Phil Bird

Managing Director, The PC Support Group

Thu 07th, May

If you’re in the habit of checking the news online you will have noticed that almost daily now there are reports of data breaches by attackers. Cyber security headlines are all too frequent and alert us to the skill and persistence of hackers.

Many organisations still rely on traditional security controls in the form of technology such as anti-virus software and firewalls, etc. to protect their critical assets but it is now clear that this is not enough. The increasing importance of employee security awareness is often overlooked with companies providing little or no basic awareness training.

Personnel and processes are often disregarded when it comes to improving security, partly because the security risk they pose to an organisation is difficult to measure and track.

These days, this is a crucial issue in cyber security, but businesses that (very sensibly) put IT software security in place often struggle to get senior management to address a risk that they haven’t been able to quantify, or even prove exists.

The problem is that as the technical, on-line security of organisations increases, attackers are looking instead to a much weaker area: employees.

Investing in improving security via staff and processes can vastly reduce the chances of undermining the investment in your technology-based solution.

If you think about it, there is so much information about an organisation’s employees available online, and the most common way to exploit them is a phishing email that tries to entice them to click on a link or attachment. Such e-mails can be anything from promises of deals or offers to false claims of attached invoices or bank statements. Phishing assessments against employees have shown that as many as 60% to 90% of employees are susceptible to these attacks, effectively allowing an attacker to jump right over the traditional security controls.

So… how can you combat this?

How about some practical employee security awareness training?

Managed phishing assessments, for example, can act as a ‘cyber fire-drill’ for employees, regularly exposing them to various realistic attacks but in a controlled environment. It isn’t unusual for businesses to have 80% susceptibility in the first assessment, but see a reduction to less than 10% after the second or third assessment.

Now for the processes … what do your computer users do when they do actually detect an attack? Do you have a process in place for them to follow if that happens? When employees fail to report attacks, it results in a greater exposure than your business would otherwise have had.

Regular “controlled” attacks not only teach staff how to spot them, but also drill the security process to follow, dramatically reducing your exposure to attack.

Action you can take:

  • Teach employees to recognise bogus emails and not click anything they do not fully trust. Not all security technology will stop malicious emails getting through, so employees must be vigilant
  • Carry out regular phishing assessments or “cyber-attack drills”
  • Have a process in place for reporting phishing emails, including who to notify if an employee has clicked, purposely or by error; ideally this should be carried out within 15 minutes
