Approximately 88 percent of all data breaches can be attributed to employee errors or missteps, according to researchers from Stanford University. IBM’s recent study even suggests that this estimate could be as high as 95 percent.

The prevalence of employee-caused breaches raises the question: why are these numbers so alarming? The answer lies in the fact that cyber criminals possess a deep understanding of human nature and exploit it at every opportunity.

While investing substantial amounts of money in upgrading technical defenses may seem like a logical response, it is equally important to consider allocating resources towards comprehensive employee training. Although the notion of training may evoke a sense of skepticism or indifference, it is worth noting that unlike traditional HR-based programs, a well-designed training regimen can yield tangible and cost-saving benefits.

To illustrate the gravity of human error in the realm of technology, consider the analogy of forgetting to engage the emergency brake when parking on a hill. In a similar vein, we are all susceptible to being outsmarted by cyber thieves. Let’s explore a few ways in which this vulnerability manifests.

Password reuse is a widespread problem, as evidenced by the National Centre for Cyber Security’s 2019 report, which revealed that “123456” continues to reign as the most popular password globally. Additionally, a staggering 45 percent of individuals reuse their main email account password across multiple services. Using a password vault such as 1Password or LastPass is highly recommended: it generates a complex password for each service, and users do not need to memorize them.

Social engineering represents another significant threat. In 2016, a major manufacturer fell victim to a scam that resulted in the loss of 44 million dollars. Cyber criminals impersonated one of the company’s executives through email and duped the finance department into wiring money to an institution in Romania. The funds were swiftly stolen and redirected to a bank in the Czech Republic. This type of fraudulent activity is alarmingly common among small businesses.

Failure to download patches and updates poses yet another vulnerability. Hackers frequently exploit weaknesses in widely used Microsoft products. The infamous WannaCry ransomware attack, which inflicted significant damage and financial losses on countless organizations, could have been prevented if the patch for the exploited vulnerability had been applied. Unfortunately, many individuals hesitate to download updates due to understandable concerns. It is crucial to educate users on how to distinguish authentic updates from potential threats, and to establish a clear process for verifying updates with their IT administrators. Documenting this process and making it accessible to all users is highly recommended.

Using public Wi-Fi networks exposes systems to numerous risks, including identity theft, business email compromise, malware infections, password theft, unauthorized access to confidential information, ransomware attacks, and takeover of online banking accounts. As a general rule, it is advisable to refrain from using public Wi-Fi altogether.

Access control plays a pivotal role in data security by allowing businesses to manage who is authorized to access company data and resources. Granting access to unauthorized individuals is akin to handing them the keys to your entire business. Therefore, strict control and vigilance in this regard are paramount.

Phishing, a fraudulent practice involving the sending of deceptive emails or messages purporting to be from reputable companies, remains a persistent threat. These messages aim to extract personal information such as passwords and credit card numbers. Educating employees and modifying their behavior is crucial in combating this tactic, and regular, interactive training sessions are an effective means of achieving this goal.

In conclusion, changing employee behavior is essential, and training represents the most effective approach. It is vital to ensure that training is consistent and scheduled more than once a year. ControlAltProtect offers interactive and comprehensive training solutions. For more information, please feel free to contact us via email at info@controlaltprotect.com.