Cybersecurity is not just for IT professionals; it has become everybody’s business, and so it should be.

Cybersecurity is everyone’s business

It’s of increasing concern that cyberthreats are on the rise and are becoming ever more sophisticated at undermining the safeguards businesses put in place. An added concern is how often employees are unaware that they are themselves a potential target, and clueless about what to watch for when it comes to a phishing attack or other security breach attempt.

Do your employees know how to spot a phishing attack?

According to the UK government’s recent Cyber Security Breaches Survey, 39% of businesses identified a cyberattack in the last 12 months, which is around one in four businesses, and around a quarter of charities identified a cyberattack. Out of all the UK businesses that identified a cyberattack, 83% identified the attack as phishing.

Employees who are untrained, or who lack awareness of how to spot a phishing attack, pose a particular weakness for a business’s cybersecurity. You can have all the malware protection, firewalls and secure networks in the world, but if an employee responds to a spoof email, text, call or letter that asks for bank details while pretending to be from a client, or even the bank itself, the cybercriminal has a breakthrough.

There’s substantial advice available on how to spot a phishing email and how to stay safe, but do your employees know it, and do they care? The challenge for businesses is to instil vigilance and knowledge via effective training, and also to create a safety culture.

Half of breaches caused by those with access

To further compound the problem, around half of all security breaches are caused by individuals who have access to business systems and data.

Uncomfortable as this is for many organisations to acknowledge, it’s time to recognise and address the potential disconnect between employees and safety if organisations are really to guard against the rising number of threats.

Employees increasingly targeted

Cybercriminals purposely target frontline employees, and even senior personnel, often with personalised attacks. Just think how much personal information can be found online! You don’t have to look much further than the average LinkedIn profile for a wealth of data, from an email address to connections, to history and future plans.

It doesn’t take much work to socially engineer a situation that unsuspecting employees find believable, resulting in a security breach.

Why don’t firms train employees in cybersecurity? Don’t fall into the trap

Unfortunately, for many, security awareness has turned into a tick-box, once-a-year exercise, which does nothing to inspire anyone to promote a safety culture.

Added to this, firms typically invest in tech, but not training. Anti-virus software, patching, VPNs and vulnerability scanning may very well all be in place, but a regular programme of effective training may not be.

Turn the situation around

Starting the training that will protect you from hapless employees clicking rogue links and infected attachments may be something that’s easily put off, but nothing short of action will turn this situation around and stop your workforce rendering your organisation vulnerable.

Many employees will also assume the organisation they work for is already protected with measures put in place by their IT department, and, unfortunately, may be unaware of the consequences of clicking something that could implicate them in a security breach.

Social engineering through phishing, malware and targeted attacks is on the rise for all organisations, and with every day that passes the risk increases. Is it time to clue up your workforce about cybersecurity?
