You can’t load up a tech news source at the moment without seeing the word ‘breached’ somewhere; and for good reason. Attackers are constantly targeting businesses, searching for vulnerabilities they can exploit to siphon away sensitive data. If you think that as an SME you’re exempt from being hacked, you’re wrong.
Why would they focus on you instead of a juicy target like a bank or big business?
The answer is simple: because it’s easier.
Big businesses, corporations and banks have the money and infrastructure available to put together a dedicated cybersecurity team. Whilst some hackers are dedicated enough to find a way past their defences, most will move on to easy prey. It’s far simpler to attack a plethora of smaller businesses deploying out of date or weak security measures.
According to the 2014 Cyber Security Intelligence Index, 95% of data breaches involve human error. Employees across the span of the entire business need to have cybersecurity training. Protecting data isn’t just down to the IT department, it needs to be in the minds of every person in the organisation. Anyone with access to the building is responsible in some way for security.
Hackers utilise sophisticated social engineering techniques to trick people into clicking links, downloading files and giving up details. You can have the best security defences in the world, but if your employees don’t know how to spot a threat, the whole thing can crumble. Training is key to keeping your network secure.
Cybersecurity education needn’t be an arduous task. There are a few easy methods to raise cybersecurity awareness:
That said, investing in professional training always has and likely always will hold the best results for educating people. Companies such as PopcornTraining offer creative, informative and engaging ways to show employees how to identify and deal with various cybersecurity threats.
Cybercriminals commonly exploit human nature in their attempts to gain access to sensitive data. Verizon’s 2016 Data Breach Investigations report highlights the themes that play off human nature:
The same report showed that phishing attacks had become a major concern. 30% of phishing emails had been opened, with a startling 13% of those leading to the click of a malicious link or attachment download. Whilst awareness training won’t completely solve the problem, it will certainly help to reduce the risk. If you can spot a phishing email, you’ll know what to avoid.
Quick tips to identify a phishing email:
You may think these tips are obvious, but the phishing stats speak for themselves. Simple awareness training is all it takes to stop a potentially crippling attack.
The punishments dished out by the ICO for breaching data protection, alongside fines from card schemes for losing customer cardholder data are soon to be joined by sanctions from GDPR legislation. Online threats are increasing in frequency and if you can’t keep your environment safe, you and your customers are going to suffer.