New research from the 2022 UK Cybersecurity Census Report suggests that the average UK business will be attacked 44 times each year, or in other words, more than three times every month. Yet, as cybercrime and instances of fraud continue to grow at double-digit annual growth rates, it must not be understated how important it is to ensure that your organization’s digital environment is as secure as it can be.
As well-resourced mid-tier and large organizations become better defended against cyber-criminals, SMEs are increasingly falling vulnerable to cyber-attacks. A recent report from Barracuda suggests that businesses with less than 100 employees receive 350% more social engineering attacks than larger organizations. Yet, regardless of the size of your business, much more needs to be done to stay secure against the onslaught of attacks that are only becoming bigger and more frequent.
People vs Technology
As we honor the 19th National Cyber Security Awareness Month, this year’s theme, ‘See Yourself in Cyber,’ highlights how important it is for every individual in an organization to know the part they play when it comes to maintaining strong cybersecurity. Safety starts and ends at the user level, and as much as an IT department can take steps to secure the business, employee education and advocacy will be the most effective way to reduce the impact of cyber-attacks. Relying solely on technology to protect you is a mistake – you should also consider installing a protective DNS (PDNS) to further mitigate risk. Almost every crime starts with an employee clicking on a phishing link and exposing company data, so staff training and awareness can be just as effective as expensive protective software.
This might sound all well and good, but education is vital, so it is important that such training sessions are a regular staple in the corporate calendar and that all employees are engaged. As 74% of US companies work with some form of a hybrid model, it’s understandable that the line between work and home lives can blur, which comes with additional risks. Most of us are more lax with security measures on our personal devices than those that we use for work purposes, but we are increasingly seeing employees using a mixture of both corporate and personal machines. Protecting all of your devices is essential for business survival against cyber-attacks.
COVID-19 provides a great metaphor for this: wearing a mask might not help the wearer as much as it helps to keep everyone around them safe. For example, a hacker may access an employee’s personal device at home, knowing that it might be connected to a business email or system. Even if they can’t gain access immediately, the criminal still benefits by waiting for the day that their malware is eventually connected to a corporate environment and they have access to the big prize.
Cyber Can Be Cool!
However, it needn’t be this way, and by helping stakeholders to understand the importance of their individual roles and the impact they can have on the wider business, the likelihood of a devastating cyber-attack is significantly reduced. The four behaviors of this year’s Cyber Security Awareness Month are a great place to start with this education:
- Think before you click – scammers will send links that, once clicked, can install malware and gather confidential business information. These attacks may result in businesses losing thousands of dollars each time, so always understand where links are directing to before clicked, and if it feels wrong, it probably is.
- Update your software – by configuring their PDNS, adopting DMARC, and most importantly, by updating software regularly, an organization will have the most recent protection against known threats. Keep software update alerts on, no matter how annoying they may be!
- Use strong passwords – it’s no longer good enough to rely on the name of a first pet or the street you grew up on to keep data safe. It’s much better to create a nonsense phrase with multiple capitals, numbers and punctuation as possible.
- Enable multi-factor authentication (MFA) – last year, 37% of technology businesses were using MFAs to add extra layers of security to their login portals. By ensuring that only known users are accessing their systems, the chance of unauthorized access to secure information is significantly reduced.
We can all do so much better to engage our teams with cyber safety. The notion of mandatory cyber security training may send chills down your team member’s spines, but it is an interesting topic – some attacks can be genuinely impressive and educating employees on the impact that simple preventative measures have can be exciting! Being cyber-aware is a badge of honor and everyone should play their part in adding resilience to our digital defenses.