Protecting Your Weakest Security Link – Your End Users
I know we have all heard the term ‘Cyber security’ so much lately it’s almost become so overused that many of us want to bury our heads in the sand and wave it past. Well, you might end up suffocating if you do that because this issue is here to stay for some time! In fact it’s hitting critical momentum and becoming more and more of a business risk each day as we integrate technology on almost every level of our operations. Cyber security is about People, Process and Technology and without a specific prevention strategy, the implications of a cyber-attack can cost a business thousands and thousands of dollars… as a minimum.
A very interesting fact from Microsoft is that 95% of breaches were caused by some form of human error. This can be anything from misconfigured equipment to a staff member clicking on something they shouldn’t. It is expected that IT departments (whether in-house or outsourced) are proactive in their approach and use up to date technology prevention to prevent security attacks. Although not 100% guaranteed to keep out the nasties – IT generally gets the job done if your business has appropriately skilled IT engineers and consultants on hand
But that is only part of it. Another equally important part of cyber security is – Social Engineering. This is where people are being manipulated as a way to elicit information. People are often tricked to provide personal information or click on something that looks like it’s from an authority such as government notice or a postal service. This type of cyber-attack is becoming more and more common and is very difficult to control because it involves people.
Prevention starts with each individual, they need to be aware of how they can be taken advantage of and have a healthy level of suspicion. It is much easier and cheaper for an attacker to come through the human side rather than trying to get around technical barriers that have been specially constructed to keep them out.
So the question is – how do business leaders help educate their end users to avoid an attack?
Social Engineering Awareness Training
Training can’t be once off! It needs to be ongoing, engaging to keep the risk front of mind. Training can be structured to be an experience that shows staff how a technology can be used as a threat. It should also engage with people’s emotions by telling human stories that they can relate too. It should include case studies of what has happened to businesses that have been affected and provide a snapshot of the financial impact of a breech. Include demonstrations on willing participants and show them how they could be attacked.
In summary, business leaders need to be aware of the seriousness of cyber security from people, a process and technology. Social engineering is a serious part of cyber security because it involves the unpredictable nature of human behavior. This risk is increasing more and more as we navigate through the technology complicities of the business environment today.
To find out more and how Royal IT can help mitigate the Cyber Security risk in your business please contact one of our IT Consultants.