HUMAN error remains the leading cause of data breaches – and these breaches cause organisations a great deal of financial and reputational damage.
In a study published in the Journal of the Association for Information Systems, researchers noted the following: “A leading cause of security breaches is a basic human vulnerability: our susceptibility to deception. Hackers exploit this vulnerability by sending phishing emails that induce users to click on malicious links that then download malware or trick the victim into revealing personal confidential information to the hacker.”
When it comes to improving your organisation’s ability to guard against cyber threats, the best defensive strategy is creating a cyber security culture in the workplace.
Think back in time to the office of 2007, when the only devices connected to your company’s IT network were likely to have been office computers and perhaps a few USB flash drives.
Ten years on, and a huge increase in Wi-Fi enabled devices and the ‘Internet of Things’, the picture has completely changed. These days it’s not uncommon for staff to connect their smartphones to the company Wi-Fi or perhaps bring in their own laptop or tablet if a company has a BYOD (bring your own device) policy. Most hardware in an office, for example printers and TVs, is Wi-Fi and/or Bluetooth enabled too.
A recent report by Forbes has estimated that by 2025 there will be more than 80 billion active smart devices connected to the internet worldwide – meaning the connected world is only set to grow.
While the connectivity of the ‘Internet of Things’ can be convenient and time-saving, it also has a more sinister side. Such devices provide cybercriminals with an avenue of attack, access and compromise. This can present a problem for many businesses as it can be difficult to keep track with who is using what device.
The real danger is that unsecured devices can act as bridges for cybercriminals meaning they can easily cross into the territory of a business’s sensitive data. Such attacks can cause serious consequences with both financial and reputational repercussions and, in some cases, can potentially cripple a company for days, weeks or even months.
WHAT’S THE SOLUTION?
For your business to implement a robust security programme, it’s no good relying on the IT department alone – everyone from senior management down needs to be on board.
Senior management that treat cyber security as a high priority is on average more likely to say that its core staff take it seriously (88% versus 76% overall), according to the Cyber security breaches survey 2017.
Whilst ridding your workplace of Wi-Fi enabled devices is clearly unrealistic, the good news is your network can be re-engineered to ensure devices are ring-fenced and secured.
Your cyber security strategy is only as strong as your weakest link.
Organisations need to make sure that every employee is aware of the potential threats they face, whether it’s a phishing email, sharing passwords or using an insecure network.
Protocol should be clearly outlined and followed by all employees, emphasising for example the importance of keeping sensitive information off portable devices.
Regular staff training is vital to keep your network safe.
Remember, the majority of cyberattacks – over 90% – are the result of human error. And, of course, consulting the expertise of a specialist cyber security consultant is always highly recommended.
Sadly, there’s no business or organisation in the world that can claim to be 100% protected against ransomware and other malicious software.
But with a regularly updated security policy, supported by appropriate backup, data recovery and ongoing staff training, it’s possible to mitigate against such attacks, keeping downtime to a minimum and, most crucially, keeping your data secure.
Add Comment