One Click Away from Business Success or Failure?

It takes one click to secure a deal.

It takes one click to market your success.

It takes one click to compromise your business. Which click will it be?

You would take the precautionary measures to ensure your staff are aware of fire exits and health and safety procedures but would you make sure they are cyber-aware?

If cyber-crime is capable of:

  • stealing and/or leaking company data
  • diminishing your company’s reputation
  • resulting in lost revenue from customers who now question the trustworthiness of your business
  • causing employees to resign because their data has been released

then why isn’t cyber-awareness as important as other staff training procedures?

Tony Dyhouse, cybersecurity director at the UK Technology Strategy Board’s ICT Knowledge Transfer Network, says, “those who attack us have no wish to spend a lot of time and money defeating our technology. They attack the user, which is much easier.” So the naïve user can be viewed as holding the doors wide open for strangers to enter your business.

A recent report from Intel Security revealed some shocking statistics:

  • 60% of firms failed to provide any security training for receptionists and other front-of-house staff.
  • 1 in 10 UK firms did not provide security training to any of their employees. This is the highest rate of failure across all the European countries surveyed.

With the number of suspect websites growing by 87% from 2013 to 2014 and increasing still, untrained staff are more susceptible to making costly mistakes such as opening emails from unknown senders and blindly clicking on website links. With just one click your business could suffer devastating consequences.

The rise of BYOD (bring your own device), such as laptops and smartphones in the workplace, further increases the risk of cyber-crime (read more in our previous blog: https://equilibrium-security.co.uk/whats-new-in-the-world-of-cyber-security/). What looks like a legitimate app may actually be malicious, as seen last week when Google blocked a malicious app which disguised itself as a popular programme on the Play Store.

By now many people are aware that they should not click on emails which claim to be from a bank or which carry subjects such as “you have won £1000!” However, hackers’ tactics are becoming more sophisticated, especially through the use of “spear-phishing”. Like phishing emails, spear-phishing emails include a malicious link, but they differ in that they target a specific person. The attacker uses information gleaned from social media to personalise an email to an individual. People are much more likely to open an email with personal information in the subject, and so methods of social engineering are more frequently used. Not only will people open these emails, they may also open attachments or give away further information by replying, because the emails seem trustworthy.

Not everyone will think of the threats discussed here, or even be aware that many things on the web are not what they seem. It is therefore important to train your staff so that they are vigilant, not vulnerable, to cyber-crime. The Government offers free online training courses tailored for you and your staff which take around 60 minutes to complete. Visit www.nationalarchives.gov.uk/sme to find out more and take the course.

Dyhouse offers some great advice in staff training:

“Avoid the temptation to try to turn all your staff into security gurus. Nothing quite beats real-life examples, especially if they are family focused.”

“We make a lot of mistakes in the security industry,” he adds. “We make things too complex. We expect people to be interested. There are just two very simple rules, and if everyone followed them we would cut out 80% of attacks. The first is ‘Don’t open attachments.’ The second one is ‘Don’t follow links from emails.’ There is no reason we can’t change these behaviours.”

Everyone in a business is responsible for protecting it. Staff training and awareness should take place, but this cannot be done wholeheartedly until you as a business realise the cyber-threats that are out there and take appropriate actions to secure your business. Don’t let one click be the result of all your hard work. Don’t let one click compromise your business.