Sign up for our Newsletter
Keep up to date with the latest IT news, tips and guides from Dragon IS and sign up here:
Preventing human error causing a cyber attack at your business
If you’ve ever opened an email pertaining to be from a known business contact, only to discover it was in fact a phishing scam, you’re not alone.
Cyber attacks are on the rise. In 2020, 85% of incidents occurred as a result of human error, as captured in Verizon’s 2021 Small & medium Business Data Breach Investigations Report, which collates data on cyber security breaches from 88 countries worldwide.
In total, small businesses reported 79,635 cyber security incidents last year, 5,258 of which were data breaches, with phishing related attacks up 25%. It’s estimated that a singular cyber attack now costs a small business over $25,000, so given everything we know about staying safe online, why are so many of us falling for cyber scams?
Opportunity strikes – the global COVID-19 crisis.
One reason it’s thought that cyber attacks both escalated and became more successful in 2020 was as a result of COVID-19. As the world focussed its attention on the pandemic, restrictions on movement meant many businesses were plunged into remote working with very little time to prepare.
Many had never supported employees working from home before. Some lacked the basic infrastructure to do so, and this combination of confusion and unpreparedness provided the perfect window for cyber criminals to attack.
Upping their game – exploiting the new normal.
Another key contributor to the rise in human related cyber breaches in small businesses is the growing number and sophistication of scams.
Whereas historically cyber criminals snared their mark by impersonating banks and online platforms like PayPal or eBay, now a raft of government-backed schemes has given cyber criminals a new platform to exploit.
As well as impersonating legitimate businesses, hackers have advanced to mimicking the Inland Revenue and the UK government, with emails so difficult to distinguish from the genuine article that even those au fait with phishing are falling victim.
But while phishing accounts for a high proportion of human-related cyber attacks, it isn’t the only cyber security threat small businesses face in 2021.
The most common cyber attacks caused by human error
We’ve already spoken at length about phishing – when someone impersonates a legitimate entity in order to gain access to sensitive details or money. Now let’s look at some of the other ways human error can cost a small business.
Malware – infections from viruses or malicious codes that penetrate company systems can allow hackers to gain back door access to your data.
This type of breach usually results from an employee clicking on a bogus link in an email, connecting to an infected device, or downloading software from the Internet (hackers like to package viruses in with legitimate apps and programs).
If your employees work from their own devices instead of business-issued computers or smartphones this also leaves you vulnerable to a malware attack.
Ransomware – Ransomware adds an encryption to your data, locking you out of your systems so you’re unable to access essential information you need. The hacker then demands a ransom to remove the encryption and re-grant you access.
Small businesses are a popular target for ransomware attacks because they tend to lack the IT integrity of larger organisations, as well as a data recovery plan, and are therefore more likely to pay up.
Like malware, ransomware is spread when a user clicks on a bogus attachment or link, or visits an infected website (often without knowing he or she has done so).
Connecting to unsecured WIFI networks – Unlike password protected networks, open WIFI networks like those you might find in a café aren’t protected by data encryptions. This means that sensitive information you access can be intercepted by opportunistic data harvesters.
Unsecured networks are another common way that hackers distribute malware among unsuspecting victims, together with stealing company passwords and sensitive login information your employees may use to access business applications.
Weak passwords – A strong and unique password consisting of numerals, characters and symbols, is the first line of defence in keeping sensitive information out of hackers’ hands.
Despite this many people still re-use the same password (2 in 3 internet users are guilty of this according to Google) and findings by precisesecurity.com linked 30% of all ransomware attacks in 2019 to weak passwords.
Using an easily guessed password or re-using the same password is something that hackers love. It grants them access to a multitude of platforms and puts sensitive business information you access at risk.
Minimising cyber attacks caused by human error
With so much on the line and huge financial ramifications, preventing a human error-related cyber attack in your business should be one of your highest priorities.
Fortunately, there are a number of quick and effective strategies you can easily put in place to combat human error and protect your company from becoming a target.
Store sensitive data in a cloud
Storing sensitive data in a cloud means it’s protected by the highest security encryptions, while still being accessible anytime you need it. Using cloud-based storage (as opposed to saving information onto your hard drive) also ensures that if a hacker does gain access to your computer your data will be safe.
Implement two-step authentication
Two-step authentication (also known as multi-factor authentication or two-factor authentication) is a simple way to make your IT systems more secure. Instead of just having one password, with two-step authentication you’ll have to pass a secondary layer of security that helps to confirm your identity – typically a link sent to your email or a code texted to your mobile.
You’ll only be able to log in once you’ve passed this second authentication, so even if your password were compromised a hacker would still need access to your email or mobile phone in order to breach your IT security.
Regular staff training
Educating staff on the actions they can take to prevent a cyber attack is crucial. Many employees are unaware of the myriad threats that exist in the workplace and the risks posed by everyday actions they may take in scope of their roles.
Cyber security training not only highlights the behaviours that hackers use in order to trap their victims, it also exposes workplace vulnerabilities and gives your employees the tools they need to protect themselves and your business from an attack.
Issue updates about current scams – raise awareness
One of the biggest defences against cyber attacks on your business is awareness and this means keeping your workforce up to date with any new scams in real time. While you might not have been the target, letting employees know about scams doing the rounds will help your staff become more vigilant.
Hackers know not everyone will fall for their schemes, but they also know that a few will, so they employ the same approach multiple times over until it yields results. By notifying your workforce about current scams, you help to protect your staff from making an innocent error that could cost your business greatly.
Introduce secondary checks and new processes
A common way that hackers attempt to dupe small businesses is by impersonating a known supplier and requesting to change payment details. The unsuspecting (and well meaning) employee updates the payment information, only to discover the request was disingenuous.
One way you can prevent this in your business is by implementing processes that require record changes to be verified. The above scenario could easily have been avoided were the employee to call the supplier, rather than take immediate action.
This is also the reason that many businesses, banks especially, take their customers through a security screening process in order to verify their identity. By having a process of checks in place (and not just taking the person at face value) you can minimise the risk of a cyber criminal gaining access to funds or information illicitly.
Install sophisticated spam filters
A spam filter is designed to weed out junk or emails of a suspicious nature, but many lack the sophistication to recognise when an email is coming from a dangerous source. By strengthening your spam filters you lower the odds of a phishing email making it into your employees’ inbox and the risk that human error can unwittingly allow a cyber threat into your business.
Engage the support of IT experts
As we touched on earlier, one of the reasons small businesses are a target for cyber attacks is because they tend to lack the IT resource of larger organisations, leaving them more vulnerable. However, this needn’t be the case.
Outsourcing your IT to a professional company gives you the technical support you need to prevent a cyber attack in your business. You’ll benefit from round-the-clock monitoring and the latest system updates, so your IT infrastructure is always as secure and resilient as it needs to be.
To find out how this level of IT support could protect your business, call us on 0330 363 0055 or email info@dragon-is.com with the subject: cyber security.