As technology continues to evolve, our lives become easier, and our businesses more efficient. That’s the good news. The bad news is that as we rely more on technology, the chances for cybercrime also increase.
Luckily, the cybersecurity experts of the world have come up with many proven solutions to halt the efforts of hackers, with everything from antivirus software to two-factor authentication. However, even though these tools exist, they are reliant on humans to put them into motion and ensure that they are performing as instructed. So security is only as good as the humans employing it, and because of this, errors and vulnerabilities are only natural.
Needless to say, there is room for improvement when it comes to humans and how effective we are with cybersecurity. Let’s look at some issues and a few solutions.
What is the Human Factor?
As humans, we are prone to make mistakes, but when it comes to security, one minor error can lead to a major data breach, and it happens a lot. Studies show that 46% of the cybersecurity hacks and incidents were the result of carelessness or lack of training. This is a startling figure, but it could be only the tip of the iceberg, as it is also reported that in 40% of the businesses in the world, employees have admitted to not reporting a security incident when it happens.
So why are employees responsible for so many security breaches? Are they lazy? Do they just not care? While it may not be as blunt as that, these factors may subconsciously influence the lack of reporting.
It is likely that they just do not understand the seriousness of a cyber threat and how it could severely impact the company, and potentially their jobs. Have a meeting with your workforce, where you discuss the importance of being vigilant and explain the possible repercussions. Recent reports say that the average cost of a data breach in 2020 is $3.86 million, and that’s not including the hit to your reputation. Some businesses may not come back from that, so give them the facts, and they may pay more attention.
As for the laziness aspect, it may not be that they don’t want to report the incidents, but they may not know how to do so. Set up a general email or a phone line where customers can easily report suspicious activity and provide screenshots so the IT team can take immediate action.
Training is Key
What many may see as a lack of caring may really be a lack of training regarding current scams and the warning signs. Employee training is essential, so employees can be on alert while they go about their day. As technology dependence grows, cyber attacks continue to evolve along with it, so if they know the basics, they may also be able to catch the newest threat.
In some instances, employees may know what they need to do but not how to do it adequately. So instruct them on password usage. Instead of a simple password, use one that incorporates a mixture of letters, numbers, and special characters. Also, educate them on two-factor authentication, so they have an extra layer of protection not only on their work computers but on their personal devices as well, especially if they are used at work.
A large bulk of this training should concern social engineering attacks, which make up about 98% of all cybersecurity penetrations. These hacker tricks are designed to take advantage of the emotions or curiosity of humans to open a doorway into our systems. Employees must be warned about these common threats, or they can be easily tricked into falling for them. Remind employees to be wary of falling for social engineering attacks like baiting and load a USB drive that they find lying around, even if it is inside the office, and instead, bring it to HR.
Another common threat is the phishing scam, where hackers send out fraudulent emails that appear to be from a figure of authority like the IRS or even someone from HR or the CEO. Many office workers get hundreds of emails each day, so it can be easy for someone in a rush to accidentally click on a malicious link or attachment within the message. This simple click could open a pathway for hackers who can then steal corporate data.
Once the training is complete, and they are aware of the signs, have all employees sign a memo that requires that they disclose any cyber threats they see to the appropriate party.
Guidance for Using Personal Devices
If 2020 and COVID-19 have shown us anything, it is that the switch from working in an office to working remotely is easier than previously thought. Now, many companies have their entire workforce at home or working out in public, and in many cases, they are using their personal devices, creating a whole new set of potential human errors. In addition to the threats discussed in your training sessions, personal cell phones and tablets can also be easily lost or misplaced, and if it leads to a data breach, the human is to blame.
The first thing your company has to do is set up a rule regarding the use of personal devices for business. If they are not allowed, then set that rule in stone and have them sign documentation and file that paperwork in case the agreement is ever breached. If personal or mobile devices are allowed, then they must be equipped with the necessary security measures, including password protection and data encryption, and they should be monitored by the IT department.
In addition to getting lost, mobile devices can also be easily compromised by fake Wi-Fi networks that are set up by hackers in public establishments and made to look like the authentic network. After the employee connects to the fake network, access to sensitive data can be easily obtained. If employees must work in public, set hard and fast rules, such as enforcing that they can only work offline or by using a virtual private network.
There’s no secret about it. Hackers are a crafty bunch, and they are always coming up with new ways to sneak into our systems. By reducing human error through education, your organization can limit the potential breach points and remain prosperous.
Note: This blog article was written by a guest contributor for the purpose of offering a wider variety of content for our readers. The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of GlobalSign.