When we think about cyber security, there’s a tendency to focus on the vulnerabilities of hardware and software. However, there are two sides to cyber security: system and human.
Human error has been widely demonstrated as the weakest link in cyber security. According to a report published by Axelos, 75% of large organisations suffered staff-related security breaches in 2015, with 50% of the worst breaches caused by human error.
Companies’ spending on cyber security protection is set to increase by 10% in and by 2020, but the best security technology in the world can’t help you unless employees understand their roles and responsibilities in safeguarding sensitive data.
Below are three signs that your employees should brush up on their cyber hygiene.
1. They’re using weak passwords
Many employees use weak passwords, which attackers can easily guess using methods such as dictionary and brute-force attacks.
In a 2016 study, Keeper Security revealed that the ten most common passwords were almost entirely variations on ‘123456’. When your enemy only needs to test a handful of passwords to find a way in, their job is exponentially easier and faster.
Security technologist Bruce Schneier suggests creating a password from a sentence: “Something like This little piggy went to market might become tlpWENT2m. That nine-character password won’t be in anyone’s dictionary.”
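The weak-password pattern described above (the most common passwords and trivial variations on them) is exactly what a dictionary attack tries first, so a password policy should reject those candidates before they are ever stored. The following is an added example, not code from the original article: a small acceptance check that flags exact matches against a common-password list, variants produced by the usual attacker rules (case changes, appended digits or symbols, "leet" substitutions), and keyboard or digit sequences. The common-password list, the sequence list and the minimum length of 8 are constructed assumptions for this example; a real deployment would check against a breached-password corpus instead.

```python
"""Added example (not from the original article): reject passwords that a
dictionary attack would guess in its first few tries.

COMMON_PASSWORDS, SEQUENCES and MIN_LENGTH are constructed for this example;
a real policy would use a breached-password corpus and the organisation's own
length requirement."""
import re

MIN_LENGTH = 8  # assumed policy value; the article states no minimum

# Constructed sample of "most common password" entries (illustrative only).
COMMON_PASSWORDS = {
    "123456", "password", "qwerty", "111111", "iloveyou", "letmein", "admin",
}

# Keyboard and digit runs that attackers enumerate as substrings.
SEQUENCES = (
    "1234567890", "0987654321", "qwertyuiop", "asdfghjkl", "zxcvbnm",
    "abcdefghijklmnopqrstuvwxyz",
)

# Common character substitutions that cracking rules undo (e.g. "p@ssw0rd").
LEET_MAP = str.maketrans({
    "0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s",
})


def normalize(password: str) -> str:
    """Reduce a password to the dictionary word an attacker's rules would start from."""
    p = password.lower()
    # Strip appended digits/symbols: "password1!" -> "password"
    p = re.sub(r"[\d!@#$%^&*?_.-]+$", "", p)
    # Undo leet substitutions: "p@ssw0rd" -> "password"
    return p.translate(LEET_MAP)


def is_sequence(password: str) -> bool:
    """True if the whole password is a slice of a keyboard or digit run."""
    p = password.lower()
    return len(p) >= 3 and any(p in s for s in SEQUENCES)


def weak_password_reasons(password: str) -> list:
    """Return the reasons a password is weak; an empty list means it passed."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("too short")
    if password.lower() in COMMON_PASSWORDS:
        reasons.append("common password")
    elif normalize(password) in COMMON_PASSWORDS:
        reasons.append("variant of common password")
    if is_sequence(password):
        reasons.append("keyboard or digit sequence")
    return reasons


def is_acceptable(password: str) -> bool:
    """Policy decision: accept only passwords with no weakness flagged."""
    return not weak_password_reasons(password)


if __name__ == "__main__":
    # Constructed sample candidates, including the sentence-derived one quoted above.
    for candidate in ("123456", "P@ssw0rd1!", "12345678", "tlpWENT2m"):
        print(f"{candidate!r}: {weak_password_reasons(candidate) or 'acceptable'}")
```

The normalisation step is the important part: a rule that merely bans the literal string "password" still lets "P@ssw0rd1!" through, even though a cracking rule set turns the one into the other in a single step.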
2. They’re clicking on suspicious links
Phishing attacks are one of the most common challenges organisations face in keeping their information secure. According to the SANS Institute, a staggering 95% of all enterprise attacks last year started as a result of spear phishing.
Businesses have a responsibility to their shareholders and customers to effectively teach employees how to recognise and avoid these attacks.
Conducting a simulated phishing attack will offer you an independent assessment of employee susceptibility to phishing attacks, helping you to take immediate action to reinforce learning.
This simulated attack keeps cutting-edge phishing schemes top of mind for employees, and the learning lasts longer than other education methods.
3. They’re divulging sensitive information
Many cyber incidents begin with a phone call from someone posing as a colleague asking seemingly innocuous questions. The person on the phone is an attacker, however, and they are actually gathering information about the company and its operations.
Social engineering is one of the easiest ways to steal data, especially if employees haven’t been trained to recognise and combat it.
Awareness is the number one defensive measure. Organisations should implement a continual training approach. If employees are continually reminded to watch out for social engineering and to be mindful of the information they’re allowed to provide, they will know what to do when an attack occurs.