It’s no secret that human error or carelessness causes a large percentage of cyber incidents and data breaches. The OAIC puts the figure at 35 percent*. Therefore, untrained staff pose a big problem to organisations. With cyber-attacks on the rise, do more organisations need to start treating cyber security as a business problem?
In this article, we explore the “human error” problem in greater detail. We also suggest a solution that’s simple and cost-effective: cyber security awareness training.
What are the problems?
Many simple security measures are still ignored by organisations and individuals alike. Untrained staff likely neither know nor understand these simple security measures.
Many employees have weak passwords that are seldom changed. Therefore, organisations should implement best practice password management. This will result in employees using stronger passwords and updating them regularly. Instructing employees to choose passwords that are different to their personal passwords is also best practice.
Many employees open, read and action emails too quickly. The professional hacker works on probabilities, knowing that it takes only one careless person to click on a link or attachment that downloads malware.
153 phishing attacks were reported to the OAIC between 1 April 2018 and 31 March 2019.* Cyber security awareness training can help staff to better recognise phishing emails, as well as exercise greater caution and judgement.
Targeting senior managers and executives in spear phishing scams is not uncommon. A skilled hacker will diligently research their target in order to make the phishing email as plausible and authentic as possible. Spear phishing scams are a little harder to detect than run-of-the-mill phishing scams. Cyber security training can help educate team members on what to look out for to assist in detection.
Many organisations allow their staff to surf the Internet during lunch and rest breaks. Problems can arise when employees visit insecure websites. These include those without an SSL certificate or those where malware could be lurking, such as gaming sites, online app stores and bulletin boards. A web-filtering solution or next-generation firewall (NGFW) can reduce organisational risk, but employees should be instructed to avoid such sites in the first place.
Some organisations don’t actually prevent their staff from downloading programs and applications from the Web. Although web-filtering solutions and staff Internet usage policies assist in the management of this, staff should be trained on the dangers of downloading unauthorised programs and applications.
A final word
Educating team members through cyber security awareness training helps minimise the risk of cyber incidents and data breaches caused by human error. DC Encompass, a progressive IT services company based in Sydney, assists organisations to design and implement cost-effective cyber security awareness training programs. For further information, please contact us today.