More than a quarter of successful hacks are caused by simple human mistakes or carelessness, according to a recent report. In the 2019 Global Encryption Trends Study, human error was listed as the single biggest cyber security risk to businesses worldwide. So, is it time to strengthen your first and last line of defence: your employees?
Cyber security is often described in terms of hardware and software – but that neglects the human element behind all the technology. ‘Human firewall’ is a concept designed to empower teams to take control of protecting their business. It’s a clear commitment by staff to follow best practices, seeing themselves as an important line of defence, and reporting data breaches or suspicious activity proactively.
Don’t just rely on antivirus software or network protection. Phishing attacks alone have affected more than 75% of businesses in the last year. They work by impersonating someone trustworthy – typically over email – to convince a member of your team to hand over usernames, passwords, and financial or sensitive business data. It’s a major problem, caused by cunning, increasingly sophisticated attacks and lax security behaviour from employees. To reduce this risk, simply make your workforce more vigilant. Here’s how:
Put everything down on paper – from creating hard-to-guess passwords, to how to handle accessing company information on personal devices. This can quickly become overwhelming, so it’s useful to focus on strengthening only a handful of weaknesses at a time.
Reward your team for being a working part of your human firewall. It can be as simple as recognising individuals who spot phishing emails, or offering prizes or awards. Like most things, public validation and attribution can be powerful motivators.
It’s important that your human firewall extends beyond your tech team or IT contractors. In particular, MDs and senior staff are often the targets of ‘spear phishing’ scams, designed to steal your most sensitive information.
We offer cyber security awareness e-learning, which has been crafted to plug the gaps in your team’s knowledge so they can make the correct decisions when it comes to protecting your business’ data. Interactive, online and engaging, it’s a great way to make sure your staff are equipped with best practices – as well as demonstrating your commitment to compliance to regulators.
Good cyber security practices shouldn’t end after training. The threat landscape is ever-evolving, so you’ll need to keep on top of what’s emerging to keep your staff vigilant to the latest risks. Make it part of your onboarding process, and send briefings round every time a new threat hits the news.
We recommend testing your defences on a regular basis. We offer phishing simulations, where a dummy suspect email is sent round your staff to see how many click it. It’ll give you a tangible measure of how far your cyber security awareness efforts still need to go.
We understand cyber security involves managing risk, and it’s more about human behaviour than technology. We can help you strengthen your ‘human firewall’ – arguably the most important weapon in your cyber security arsenal. Talk to us today about cyber security awareness training.