How we can avoid being ‘cyber idiots’
The weakest link in your armour against cybercrime isn’t your software or hardware – it’s your staff. Human error is thought to be responsible for a staggering 70% of data breaches, and cybercriminals know it. So, how can we stop doing things that play into their hands?
You might be forgiven for thinking that cybersecurity is a matter of common sense. But ask yourself: how many accounts do you use the same password for? When was the last time you ran a backup? And how many times have you clicked a link in an email without knowing its sender?
Don’t be a password pinhead
Passwords are a perennial problem, often giving hackers easy access to your data without them having to break a sweat. Popular easy-to-guess passwords include ‘password’, ‘admin’, ‘123456’ and ‘letmein’. It doesn’t take a genius to try these. That’s what opportunistic cybercriminals do, trying a range of common passwords on millions of accounts. And it’s a method that still works, granting them access once in every five to six thousand attempts.
The reason? Simple, common-or-garden human laziness.
A lot of people forget their password and then just use the temporary password given by their IT department. These temporary passwords might not expire for a month or more, meaning that an organisation might have tens or hundreds of staff all using the same password. It’s no wonder that cybercriminals still view password scraping as among their most lucrative forms of attack.
- Use as long a password as you can – at least eight characters
- Choose a mix of upper and lower case text, with symbols and numbers
- Don’t use easily guessable words – names of pets, spouses, children, sports teams…
- Never share your password with anyone – treat it like your PIN code
- Use different passwords for different services
- Switch on multi-factor authentication (MFA) where possible
- Look into using a password manager to encrypt your login credentials and hold them securely in one place.
Don’t be a malware moron
How often do you click on a link or download content when you don’t know for sure that the source is legitimate? Often these links are laden with malware, designed to burrow deep into your business’s systems, steal data, or take remote control of devices.
And it’s the simple stuff that works best for cybercriminals. Nearly all malware links are not targeted at anyone in particular. Mostly, there are no clever tricks used to deceive users. Criminals instead rely on the flaws in human behaviour we all share – creating a sense of urgency to make us act without giving it too much thought.
It’s thought that 70% of data breaches start out as a link mistakenly clicked by a hapless user, giving hackers open access to do whatever they want on a network.
Get cyber aware
Human mistakes might be a key vulnerability in your business, but your people are also your first line of defence against cyberattacks. Teach your staff what to look out for and how to act when they spot something suspicious, and you’ll be able to respond more quickly to stop the spread of an attack.
We offer cyber awareness training designed to engage your teams in protecting your business. They’ll learn common tricks used by hackers, become more vigilant against tactics like phishing attacks while they work, and know how to deal with anything as and when it happens. In a serious breach, that could save your small business from catastrophic loss of data, custom and reputation. Contact us to find out more about cyber awareness training.