The people that make up a business are arguably the most important factor when it comes to cyber security. The most advanced software-based security measures can be rendered useless when employees unwittingly grant criminals access. As a result, a large proportion of cyber-attacks today target the human parts of an organisation’s security infrastructure. 

In this blog, we’ll discuss the mistakes made by employees that can lead to security breaches, the associated risks and how they can be avoided. 


Human-based vulnerabilities

Many cyber security attacks, such as hacks and data breaches, occur due to phishing. These attacks utilise social engineering techniques to target a business’s employees and gain access to their systems. A phishing attempt will try to trick the user into taking actions online that can compromise business security. We’ll talk about what these actions are later. 

Phishing typically takes place in user email inboxes, although there are other variations that business leaders should be aware of. These include: 

Business email compromise (BEC) 

Someone gains access to the account of an authority figure and impersonates them, for example a CEO or financial manager asking someone lower down to confirm certain details. BEC can be done through network access or successful phishing attempts elsewhere. 


Vishing 

Phishing attacks made over the phone. Criminals will often pose as banks or other trustworthy institutions to convince users to share sensitive information. Vishing can make use of Interactive Voice Response (IVR) technology. 


Smishing 

Attacks targeted at employees through text messages. Mobile devices tend to be less secure than personal computers and laptops. Phones can still serve as a channel for attackers to access information that relates to a business’s internal structure. 

Spear phishing 

Unlike regular phishing, which targets hundreds if not thousands of individuals, spear phishing focuses on a particular organisation. As a result, this type of attack is tailored to the recipient. Spear phishing attacks may reference recent events or developments within the company to be more convincing. 

Clone phishing 

Replicas are made of past employee messages, which are then redistributed by the attacker. The only differences will be a slight change in the sender address, as well as the presence of a malicious attachment. 


Whaling 

Social engineering designed to trick senior members of an organisation, such as managers and those with greater permissions. These people often possess greater knowledge about the business’s operations. Therefore, compromising their accounts or gaining their login details can be more lucrative for criminals. 



Common human errors in cyber security

In cyber security breaches, it is not uncommon for the cause to lie with decision-based errors. Here, employees often lack the relevant knowledge and skills around a scenario, which means they can be exploited. As a result, they fall victim to social engineering techniques. Other times, attacks are successful because of skill-based errors. These stem from general negligence, tiredness, or lack of attention when completing regular tasks. 

Find out more about The importance of cybersecurity awareness training. 

Weak passwords

A weak password can grant access to an entire network, as well as valuable data storage areas, especially when employees end up using the same or similar password for multiple accounts. Nowadays, cyber-attacks can use automation to make attempts on passwords with far greater volume than they ever could manually. 

Using shared networks

Shared Wi-Fi networks cannot be regulated by your business. You cannot control who connects to them and you cannot prevent users from taking certain actions, such as visiting insecure sites with malicious content or participating in malicious activities. This creates a security risk that can affect users within your company. 

Clicking links

Almost all phishing attacks will contain links that trigger a download when clicked. These links are the means by which malware and ransomware can infect a business’s systems. They can also take users to websites where malicious cookies are downloaded onto their device. A phishing message will disguise links by stating they lead to official/trustworthy locations. 


Using old software

Operating systems that haven’t been updated can create vulnerabilities. This is because many updates are rolled out primarily to fix security issues. As a result, older systems are less likely to be able to withstand a modern cyber-attack. It just takes one piece of outdated software to compromise the security of an entire network. 

Old software can also result in system failure as it experiences compatibility problems with newer systems. This causes disruptions in the business’s operations.  

Sending information to the wrong person

It happens more often than you think. When people are busy and stressed, it can be easy to forget to check the recipient address is correct. Then, once information is sent it’s difficult to reclaim. The risk of sending information to the wrong recipient is heightened by email auto-fill features. 

Risk can arise even when an email goes to the correct person, if it is sent to the employee’s personal address. It’s unlikely that they access their personal email on a device that’s as secure as their work one. 


Expert cyber security services

There are many options for cyber security companies in the UK. However, not all of them will take the people-focused approach that CyberWhite does. Our cyber security services uphold our core values of quality, integrity, and teamwork. 

Contact us for a free security check today.