You cannot afford to risk human error compromising your cyber security
In spite of the ongoing evolution of cyber security processes and technology, human error is still responsible for 95% of data breaches [1]. Phishing attacks represent a particularly insidious risk, with 91% of organisations experiencing a successful attack in 2021 alone [2].
All staff must be made aware of the latest threats and - equally importantly - understand their part in preventing serious breaches. While an effective email filtering service will certainly help here, you cannot afford to assume that fraudulent emails will never get through and that no member of staff will respond to one in a moment of poor judgement.
Consider the following, and ensure all staff have been trained and tested on them:
Employees must be able to spot the tell-tale signs of a phishing attack
In spite of the growing sophistication of cyber criminals' strategies, there are still a few typical warning signs to look out for when establishing whether a communication can be trusted or not. These include (but are not limited to):
- Poor punctuation, grammar, and presentation (e.g. misaligned or poor quality images and logos)
- Using a generic form of address rather than the recipient's actual name (e.g. 'Dear customer')
- Thinly veiled threats or ultimatums, urging the recipient to part with their details (e.g. 'Please respond within 24 hours to secure your account')
- Messages claiming to be from high-ranking individuals, from email addresses that do not match
- Misspelt or incorrectly formatted company names in the 'from' address
- Requests to forward sensitive information directly by email, rather than through the approved, secure processes
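Several of the warning signs above can also be checked automatically as a backstop to staff vigilance. The following is an added example, not part of the original article: it flags a generic greeting, an ultimatum, a senior display name on a non-matching address, and a misspelt company domain. `ORG_DOMAIN`, `EXEC_NAMES`, the regular expressions and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.com"   # assumption: the organisation's real mail domain
EXEC_NAMES = {"jane doe"}    # assumption: display names of senior staff
GENERIC = re.compile(r"^\s*dear (customer|user|client|sir|madam)\b", re.I | re.M)
URGENT = re.compile(r"within \d+ hours|immediately|account (will be )?(suspended|closed)", re.I)

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of ORG_DOMAIN."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def warning_signs(raw):
    """Return the warning signs found in one raw, single-part text message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body = msg.get_payload()
    signs = []
    if GENERIC.search(body):
        signs.append("generic greeting")
    if URGENT.search(body):
        signs.append("ultimatum")
    # A senior person's name on an address outside the organisation's domain.
    if name.lower() in EXEC_NAMES and domain != ORG_DOMAIN:
        signs.append("senior name, address does not match")
    # A domain that is close to, but not exactly, the real one.
    if domain != ORG_DOMAIN and edit_distance(domain, ORG_DOMAIN) <= 2:
        signs.append("misspelt company domain")
    return signs

# Constructed sample message (not a real email).
SAMPLE = """From: Jane Doe <jane.doe@examp1e.com>
To: staff@example.com
Subject: Action required

Dear customer,
Please respond within 24 hours to secure your account.
"""

if __name__ == "__main__":
    print(warning_signs(SAMPLE))
```

Heuristics like these only raise a flag for review; a message that triggers none of them can still be fraudulent, which is why the reporting process and training remain necessary.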
Ensure there is a reporting process in place, and that all staff are familiar with it
Encourage staff to manage their digital footprints, both in and out of work
Access must be controlled on a per-user basis
At the very minimum, MFA should be in place for staff at all levels, with all users given the minimum number of access privileges they need to undertake their duties. This will help minimise the reach of any successful attacks.
If you are looking to optimise your existing cyber security training or develop a new programme to accommodate the very latest best practice and current threat intelligence, do not hesitate to contact Exponential-e's Cyber Security team.