When it comes to securing an organisations digital assets there are several approaches to minimising the risk as there is no solving a moving target.
One that is not given the priority is the most obvious and the largest source of risk to a business: people, that is you and me, we are idiots and sometimes we do dumb things (well I do!)
Social engineering. In 2020, almost a third of the breaches incorporated social engineering techniques, of which 90% were phishing. Social engineering attacks include, but are not limited to, phishing emails, scareware, quid pro quo and other techniques — all of which manipulate human psychology to attain specific goals.
https://www.securitymagazine.com/articles/94506-5-biggest-cybersecurity-threats
It is also one of the cheapest, rewarding and easiest to fix, it does not require expensive software tools or it does it require a whole lot of consultancy to resolve. What it does require is time and education but the rewards are much larger than simply securing an organisation, the reward of doing this training flows back out into the community at large and reduces the risk of people being scammed – at least via technology means!
The first example above in Social engineering attacks is “Phishing Emails”, create a simple policy for your company and teach it face to face to every employee….
Company policy states that no financial records are to be sent via email, no user name and password information is to be sent via email and no one in the company including company directors will ever ask for money to be paid via email, and, if you find an email that looks suspect please forward to IT security, if it is a Phishing email and you are the first to send it then you earn $50 or whatever the pleasure might be.
Email is to be treated as not secure and must not be used to send data, there are serious consequences for ignoring this policy because your mistake could cause this company to fail.
Then teach this policy face to face and get every users agreement to the reasons why, not through a “EULA” type message when a user logs in.
Teaching this does not have to be dry, this subject relates back to all of us as citizens at home so make it fun to learn, people remember things when they are taught face to face, they remember things when there is a reward and a risk as well.
Leave a Reply