Cyber security training is one of the most effective ways of improving your organisation’s defences against security incidents.
It gives staff the wherewithal to avoid costly mistakes and establishes a strong cyber security culture in the office.
Yet, according to a report by Centrify, 77% of UK workers say they’ve never received any form of cyber skills training.
It’s therefore no surprise that so many data breaches are caused by basic mistakes.
Your biggest threat is inside your building
Studies have repeatedly shown that employee error is one of the leading causes of data breaches. This has become more apparent as organisations bolster their protections against criminal hackers but ignore the threat posed by employees with widespread access to the organisation’s systems.
If staff aren’t properly trained, it’s only a matter of time before they misplace, steal or are tricked into handing over sensitive data.
This blog is part of a series to mark European Cyber Security Month. The campaign is designed to boost data protection awareness and help people brush up on their information security practices.
- Lack of education is the leading cause of successful ransomware attacks
- 61% of organisations reported a data breach in 2019
- 23 million people use ‘123456’ as their password
We’re also making it easier than ever for you to improve your cyber security skills, with a range of promotions throughout October, including the chance to win a free place on a cyber security training course.
Centrify’s survey also revealed that 27% of employees use the same passwords for multiple accounts. This encourages brute-force password attacks, which are a type of hack in which crooks bombard targets with login attempts using lists of common passwords.
They can perform these attacks in one of two ways. Their first option is the cyber crime equivalent of cracking a safe: they’ll break into an organisation that has weak security; these are typically the kinds of sites that don’t store sensitive data and can seemingly justify not investing much in their defences.
Web forums are common targets, but any site where you’re only required to provide a password and email address is a likely target.
Once inside, the criminal will try to find a database that matches email addresses to passwords. They’ll then attempt to use these as login details on other sites – ones that do contain sensitive information.
These might be services that you pay for and provide bank details to. Alternatively, it could be a health portal or social media site, which contains enough personal data to conduct good old-fashioned tax fraud.
If you’re among the many people who reuse passwords for multiple accounts, you risk falling victim to these attacks. This is why experts urge everyone to use unique passwords for every account – or, at the very least, use unique passwords for accounts that contain sensitive information.
Cyber criminals’ other approach to breaking into an account is more akin to dynamiting the safe. They’ll take a password-cracking machine, which has a database of common passwords obtained through previous database hacks, and set it to work.
The machines can guess a few billion passwords a second, so if you have a password that appears on their list, you can be sure that your account will be breached.
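From the defender's side, the two approaches described above leave different traces in login records: reused credentials show up as one source failing once or twice against many accounts, while list-based guessing shows up as many failures against a single account. The following is an added example, not code from the original post, that separates the two in a constructed log; the log format, addresses, account names and thresholds are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample events: "<timestamp> <source IP> <account> <OK|FAIL>".
# All addresses and accounts are made up for this example.
SAMPLE_LOG = """\
2019-10-01T09:00:01 203.0.113.7 alice@example.com FAIL
2019-10-01T09:00:02 203.0.113.7 bob@example.com FAIL
2019-10-01T09:00:03 203.0.113.7 carol@example.com OK
2019-10-01T09:00:04 203.0.113.7 dave@example.com FAIL
2019-10-01T09:00:05 203.0.113.7 erin@example.com FAIL
2019-10-01T09:00:06 203.0.113.7 frank@example.com FAIL
2019-10-01T09:05:10 192.0.2.10 grace@example.com FAIL
2019-10-01T09:05:25 192.0.2.10 grace@example.com OK
""" + "".join(
    f"2019-10-01T10:00:{s:02d} 198.51.100.23 admin@example.com FAIL\n" for s in range(6)
)


def parse(log):
    """Yield (source IP, account, succeeded) for each well-formed line."""
    for line in log.splitlines():
        fields = line.split()
        if len(fields) == 4 and fields[3] in ("OK", "FAIL"):
            yield fields[1], fields[2], fields[3] == "OK"


def classify_sources(log, min_accounts=5, min_failures=5):
    """Label each source IP by the shape of its failed logins."""
    failures = defaultdict(lambda: defaultdict(int))  # ip -> account -> failures
    successes = defaultdict(set)                      # ip -> accounts logged in
    for ip, account, ok in parse(log):
        if ok:
            successes[ip].add(account)
        else:
            failures[ip][account] += 1
    verdicts = {}
    for ip, per_account in failures.items():
        total = sum(per_account.values())
        if len(per_account) >= min_accounts and total / len(per_account) <= 2:
            kind = "credential-stuffing"   # many accounts, one or two tries each
        elif max(per_account.values()) >= min_failures:
            kind = "password-guessing"     # one account, many tries
        else:
            continue                       # e.g. a user mistyping a password
        # Accounts this source did get into need a forced password reset.
        verdicts[ip] = {"kind": kind, "reset": sorted(successes[ip])}
    return verdicts
```

Calling `classify_sources(SAMPLE_LOG)` flags the first source as credential stuffing with one account to reset, flags the third as password guessing, and leaves the user who mistyped once unflagged.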
Never underestimate the threat of colleagues
Centrify also found that 14% of respondents leave their credentials written down in a notebook or on their desk. This is concerning, because it only takes the wandering eye of one colleague or visitor passing their desk for their account to be compromised.
This might sound like an unlikely scenario, but it happens – and why take the risk? You should never underestimate someone’s curiosity. Given the opportunity and the assumption that you’d never get caught, wouldn’t you be interested in seeing what a colleague was up to? What they were emailing and instant messaging to people you know?
Even if someone on the premises doesn’t find it, you might eventually throw out that scrap of paper with your password written on it, and anyone can find it.
Boost your cyber security skills with IT Governance
Those looking for cyber security skills training should take a look at our Certified Cyber Security Foundation Training Course.
This course, which is available in classroom, distance learning and in-house formats, provides a comprehensive introduction to everything you need to know about cyber security in the workplace. It covers common threats, like phishing and ransomware, and explains how to protect devices and respond effectively to data breaches.