Businesses of all sizes with varying budgets typically have some form of cybersecurity protection whether it be antivirus, firewalls, spam filtering or complex passwordsbut that’s all technology-focused. Many businesses often overlook the significant weakness in their organisation, and it’s the people that are given controls to carry out their duties.
Human error still accounts for 90% of all breaches. By making staff aware of email securitybest practices and user training, businesses can strengthen their defences.
Here are some statistics of data breaches/leaks that have occurred as a result of human error: –
- One-third of incidents in the cloud was caused as a result of social engineering and the target victims not picking up on engineered attacks;
- Reports of UK data breaches to the ICO have increased by 75% compared to just 12% that was a result of a malicious attack;
- A most common error of a data breach is sending confidential information to the wrong recipient. This was the cause of 37% of UK data breaches.
One obvious way to strengthen your cybersecurity is by providing staff training and cybersecurity awareness.
Cyber-attackers are becoming more sophisticated at targeting their victims and with the advancement of instant technology, it is all too easy to send information to the wrong people or the incorrect information.
To strengthen your email security, we recommend the following: –
- Staff training incorporating cyber awareness and email security to help staff identify suspicious emails.
- Check the sender’s details match the email address they usually email you with. For example, look for misspellings in names and the domain such as email@example.com changed to firstname.lastname@example.org.
- Attachments and links. Don’t open anything you are not expecting. Clicking on infected attachments or links can start a chain of events within your IT infrastructure without you realising it.
- If in doubt, ask! Don’t be afraid to challenge email correspondence, whether it is from a client or your director. Chances are they haven’t sent the request, and they are impersonating them and expecting you to follow their instructions without asking any questions. Pick up the phone and call the person directly. Things to look out for: –
- Request to make an urgent invoice payment;
- Request to change bank details of a creditor or debtor suddenly;
- Request to send your password and login credentials. No one needs these but you. Your IT department can reset passwords on your behalf without needing your login credentials.
- Writing style and tone of voice. Email scams usually have some tell-tale signs such as poorly worded English, typos, poor grammar and a sense of urgency requesting you to take immediate action. Don’t be pressured into doing something without double checking first.
Aside from the human element, as an organisation, you can implement processes to further safeguard your employees, systems, data and reputation. Some of these to consider include: –
- Applying up-to-date antivirus protection and software patches;
- An email management solution such as Mimecast to provide email security, spam filtering, continuity and archiving;
- Two-factor authentication (2FA) so employees need an additional layer of protection to access their emails and other systems;
- Mobile device management solution so mobile devices can be remotely wiped should they become lost or stolen maintaining data integrity.