Why Your Staff Needs to Know About Cyber Security

The threat to businesses from cyber-attacks, particularly through emails, continues to rise. We have looked at the 9 top threats to email security in a previous blog, where common risks are outlined and terms are explained in detail, but this month we will look at how your employees can be the best defence against cyber-attacks and the importance of the whole organisation working together to mitigate the risks.

Email Threats Are on the Rise

  • Email: 74% say email is preferred method of communication.¹

  • Spam = Phishing: 24% of all spam emails are phishing attacks.²

  • Phishing: 70% increase in phishing attacks in 2022 (up from 63% increase in 2021).³

  • Cyber Attacks = Small Business: 43% of cyber-attacks are aimed at small businesses.⁴

  • Remote Work Threats: 80% of security professionals reported an increase in security threats since shifting to remote work.⁵

  • The Human Element: 74% of breaches involved the human element (e.g. social engineering attacks, errors or misuse).²

What is Cyber Security?

“Cyber security is how individuals and organisations reduce the risk of cyber-attack.”

- National Cyber Security Centre (NCSC)

Every day, in both our personal lives and at work, we use multiple devices to access services like email, banking and social media platforms online. Every application we download or account we register increases our risk of a security breach, and cyber security awareness can help us protect our devices, as well as the valuable data stored on them or online, from theft, damage or unauthorised access.

For a business, cyber security involves taking steps to protect an organisation's data, assets, and reputation from cyber criminals. Although cyber security technology solutions are effective in the battle, it is vital that every employee is aware of the risks and how they can help mitigate them to protect accounts and assets from being compromised.

The damage hackers can do with just an email

  • Target you with phishing emails to get hold of login details and financial information.

  • Create online accounts using your details.

  • Spoof your email to send harmful malware or money requests.

  • Steal your identity.

  • Scam friends, family, and colleagues.

  • Access and steal financial information to commit fraud.

  • Locate your home and work address.

  • Identify who your friends and family are.

  • Access personal and work email accounts and take them over.

  • Access online accounts where you

Employees Are Your Biggest Risk & Best Defence Against Cyber-Attacks

A successful cyber-attack on your business can cause downtime, stress and reputational damage, as well as being extremely costly (cyber-crime cost UK businesses £1,079,447,765 in 2016). If an employee falls victim to a cyber-attack, it can be distressing for the employee, and in some cases it can mean the end of a business.

Whilst the IT department can manage security through robust technology solutions, and AI can help to identify ever-evolving threats, cyber criminals are increasingly focusing on staff as the weakest link in the security chain. 

Providing staff with adequate protection and training is just the first step in defending your business from a cyber attack. If staff are well informed about how cyber criminals work and the potential impact of cyber attacks, they will be more vigilant and better equipped to deal with cyber attacks when they occur.

Since Pinnaca set us up with Barracuda Total Email Protection...

  • Mailboxes are now SPAM free, saving time. 

  • No more sorting through non-urgent or unwanted emails.

  • Productivity has improved.

  • We can view and sort quarantined emails in our own time!

  • Our enhanced email security saved us nearly 50% on our Cyber Security Insurance.

- Pinnaca Client Testimonial, High Street Fashion Retailer.

How HR can help protect against cyber attacks.

Cyber security is not just a problem for IT departments. HR can play a key role in improving security, as they are often the first department to engage with joiners and leavers and are perfectly positioned to communicate and coordinate with everyone within the organisation at any time.

Induction training and staff onboarding is usually carried out by HR, and the importance of cyber security to your business can be effectively communicated and reinforced at this point.

Criminals will rarely carry out an attack on a single individual in the company, so the organisation should have a company-wide policy in place for reporting potential attacks and circulating a warning to all staff, and HR can own that process. Hackers are persistent and are always coming up with new ways to infiltrate your business and cause it harm.

Here we look at some key areas where your employees may be a vulnerability and how to mitigate these risks.

 
Joiners & Leavers

New employees can present an increased risk if not properly trained before they access business systems. However, if an organisation sets a security-focused tone and outlines potential cyber-risks from the outset, it can nurture a culture of security from day one.

Leavers can also present a risk to an organisation, and it is important to have procedures in place to remove all access and permissions on exit, as well as to change passwords for any systems that may still be accessible.

Phishing, Scam Emails & Social Engineering

A company’s or individual staff member’s email address is usually publicly available and offers an easy access point for potential attacks. Criminals may pose as legitimate entities and use malicious links or attachments to access data, or simply request information, such as usernames and passwords. Even if a single employee doesn’t provide all the information for a criminal to gain access, multiple attacks can provide enough information for them to eventually succeed. As well as emails, social engineering attacks may also be used to gain information through social media, mobile phone or texts.

Staff should be on the lookout for tell-tale signs of phishing, namely spelling mistakes in emails, unexpected contact, and sender details that do not appear to be from who the email suggests.

“I’d encourage all CEOs, board members and senior leaders to […] to drive forward the cyber security conversations needed to keep their organisation secure online.”

- Lindy Cameron, CEO, NCSC

User Access

Staff should only have access to data that is relevant for their duties so as to minimise the risk of important information being exposed. Similarly, access to operating systems or the ability to install software or apps should be limited to certain personnel.

User roles can be managed to quickly set and amend a staff member’s permissions and access within company systems to help prevent sensitive data from being accessed or compromised.

Storage of Sensitive Data

Personal or business-sensitive data becomes more vulnerable when stored on external drives or USB sticks, or even when printed out, especially when it then leaves the office. GDPR regulations mean that losing this data may also result in heavy financial penalties.

If data must be accessed remotely, staff must ensure that any drives or documents are secured with strong passwords or encryption. Alternatively, cloud storage means data is accessible remotely without the risk of losing a physical drive away from the office.


How Pinnaca Can Help With Cyber Security

Pinnaca can offer advice about cyber security, assess your systems, and make recommendations. Protecting your business systems and data from security breaches is a priority, and if training is required Pinnaca can work with you to make sure you and your staff are aware of the risks and how everyone within the organisation can work together to minimise them.

 Get in touch today to see what steps you can take to arm your staff with the knowledge to protect your business.

