Why does cybersecurity require staff education?


How can we minimise cyber-attacks?

It would seem the simplest way to prevent cybersecurity issues is by having a reliable network security provider and quality (non-free) software to manage intrusion attacks. It would, except your team often leaves the front door wide open through their unsuspecting actions. Did you know that more than 60% of cyber insurance claims are due to social engineering? These are attacks that you or your team let in without realizing it! Let’s explore how you can keep your network, data, and team safe online wherever they are. Don’t worry; this won’t be a boring ride. We have some practical and straightforward tips to keep you cyber-safe!

What is endpoint protection?

Firstly, you should do your best to keep the risks of a cyber-attack at bay. One of the best ways to do this is by installing a paid-for endpoint security package. Commonly known as antivirus software, endpoint security provides much more than just virus protection these days. Endpoint security solutions like Acronis or Webroot can protect your employees by monitoring sites and links visited – not in a Big Brother way (1984, here we come). Instead, they ensure your employees don’t visit a website known to have malicious intent.

Will free antivirus work?

Microsoft BitDefender is a great place to start. Microsoft added this back in the Windows XP days to help with the rise of cyberattacks, but it likely won’t help you as much as you’d like to think. Microsoft is a specialist in operating systems (Windows) and productivity suites (Office 365), not security. The frequency of security updates for Microsoft Windows should be enough to show that they have their hands full just keeping on top of software updates for Windows rather than focusing on security software to protect users. Sure, BitDefender is better than nothing, but it’s not our first choice.

What about other free antivirus software like AVG Free and Avast? These guys want you to download their free version and try to sell you their paid versions anyway. The question to ask here is whether their software is the best in the industry to keep your business data safe and secure. We don’t think so. They’re good options for home, but we’ve found viruses on home networks using these two products, and often more than one virus. The enterprise-class endpoint security products we use have discovered viruses.

What is social engineering?

You will have heard of phishing campaigns via email or phone call. These are types of social engineering attacks, and they’re becoming more sophisticated. You will already be familiar with the advance-fee scam, otherwise known as the Nigerian Prince or long-lost-cousin scam. The message is always the same: I have funds for you, and in order to release these funds, I need you to pay some legal fees.

These types of scams are becoming better at extracting cash. If you attend a church, you’ve probably heard of or seen the Pastor scam. This scam involves an email that appears to come from a church pastor requesting urgent funds to help with some pastoral needs. More than one churchgoer has fallen for such a scam. Now you might be thinking, “I’d never fall for such a thing,” but you’d be wrong. These types of scams use information from various sources, including your social media account. Often they are so elaborate they include names and details of many people you know personally. The scammers know if those people have been on holiday recently, the names of their children, their ages and recent parties. Yes, you’d be surprised what an information treasure trove social media is for cyber-attackers!

What about less sophisticated attacks?

If I send you an email, I can track whether you’ve opened it and how many times you’ve opened it using a simple tracking program. These can be great for business emails but can also be used by cyber-attackers to establish if your email account is active. Hackers can use this kind of attack to send additional payloads for you to interact with. We’ve all signed up for a free download of some PDF guide, which is all harmless, but the same approach can be used to get you to download something other than the PDF you’re expecting. Remember, these cybercriminals have access to more information about you than you might think possible, so they can likely target you with the kind of information you’d be interested in. They only need to include it inside a zip file to get you to download something you weren’t intending.

What is penetration testing?

One way to help teach your staff about the importance of cyber-security is to run a “pentest”, or penetration test. These tests involve one of two small attacks:

  1. Leaving a USB stick in reception and waiting to see how long it takes for the USB stick to be inserted into a computer.
  2. Sending one or more emails to see if someone “bites” at the bait.

In both of these types of tests, it’s not uncommon for even the most hardened employees to fall prey to these kinds of attacks. When we’ve spoken with companies that do this kind of work for large companies around the world, they tell us it usually takes less than 20 minutes to “get in”. In most cases, these employees have already attended some kind of formal cybersecurity training!

What can you do to keep your network and data secure?

If you don’t have IT support already, an IT Audit is an excellent place to start. If you have ad hoc or break-fix IT support, an IT Audit will likely find issues that need addressing. If you’re not happy with your current IT support, we can discuss your needs with you, as an IT Audit might not be the best approach.

Once you’ve got a picture of what is going on in your network, you can secure the holes and put a plan in place to upskill your team to be aware of these kinds of attacks. Any education is better than none, just as some protection is better than none.

Our IT Audit will let you know what is running on your network and help inform the next steps you should take. When we run an IT Audit, you’ll be aware of your risk and decide how you’d like to proceed. You are in control every step of the way. Yes, we’d love to take care of your IT services, but we aim to help educate you first about why you might like to work with us.
