With around 90% of successful cyber attacks down to human error, Mark Brown, founder of Psybersafe, says that businesses should be paying just as much attention to training their people as they do to their IT systems.
Businesses have always been vulnerable to fraud, and today’s fraudsters are taking things to a different level. Not only that, but their methods and approaches are changing all the time, making it difficult for organisations to keep up.
The pandemic hasn’t helped. Scammers are quick to take advantage of new opportunities, and the virus was a gift. Phishing attacks using Covid-related messages rose by 600% and in one day alone, Google intercepted 18 million emails trying to exploit our curiosity and concern about the pandemic.
Remote working has also given – and will continue to give – hackers and scammers a great opportunity to do more business. That’s because our habits change when we work from home. We no longer get the everyday psychological signals that put us in a ‘security first’ frame of mind – things like key passes to get into the office, or signing in and out. We no longer see other people lock their laptops when they leave their desks, and there are no big warning signs about cyber security from IT.
Faced with the loss of these signals, we tend to be more relaxed at home. And hackers know this. Our wifi connections are less secure. We’re more likely to be distracted, and we may not report worries as quickly as we would have done in the past.
Cyber security and remote working
What does this mean for organisations considering hybrid working? Essentially, it means that you need to do as much as you can to ensure your employees are taking cyber security seriously, wherever they’re working from. Here, we share the top five ways that a hacker could get into your systems, and what you can do to try and prevent them.
Risk 1: Mishandled company data
Your business is bound by the UK equivalent of GDPR regardless of where your employees are based. Personal email accounts are often easier to hack than organisational ones, and even a paper printout can be potentially damaging.
Make sure that employees don’t send company or customer data to their personal email accounts, or display it or print it out if they are using a shared co-working space.
Risk 2: Open wifi networks
Remote workers are likely to either be working on their home wifi connection, or at a hot-desking space. If the wifi isn’t secure enough, hackers can easily access the laptops, tablets and phones using it.
Make sure that employees set up their home network with WPA2 (Wi-Fi Protected Access 2), a network security technology that encrypts data as it is transmitted. It is commonly used on wifi networks and has been used on all wifi hardware since 2006.
It’s also a good idea to recommend changing the default router password to something much stronger – preferably a password that is at least 15 characters and includes letters and special characters like *&^%$.
Risk 3: Control the hardware
Personal devices don’t tend to have the same level of security protection as company ones. So hackers will be looking for people who are using their own devices. They are easier to hack and that means a bigger, better return for the hacker.
Make sure that, wherever you can, you provide the devices that your employees use, and that those devices have the best possible protection on them. Abandon any Bring Your Own Device policies if you can.
Risk 4: Cyber security gets forgotten
As we’ve said already, the normal cues for cyber-secure behaviour don’t exist at home. This means people tend to be more relaxed – and that presents a real opportunity for a scammer.
Make sure that you send regular messages – via emails, team video meetings and training – to keep cyber security front of mind. Get your people into the habit of checking anything unexpected, from email attachments to text messages, so that you are keeping vigilance levels high.
Risk 5: People don’t know what to look for
“It will never happen to me” is the first step towards cyber disaster. Clicking on a phishing link or opening a seemingly innocent attachment takes less than a second, and we’re all at risk of doing it. Scams are sophisticated and look authentic – that’s why they work.
Make sure your people know what to look out for. And more than that, make sure they have the right behaviour towards potential cyber scams, so that working safely becomes a habit, not an exception.
The importance of employee vigilance
It really doesn’t matter how you are planning to work in the future. Wherever they are based, your people could be the target of a cyber scam. As long as the scams continue to work and continue to make money for hackers – and hackers make millions from their activities – it remains vital that people have the tools and behaviours they need to spot potential issues and protect both their individual and their organisation’s data.
Flexible working is here to stay, and while that makes your organisation potentially more vulnerable to cyberattack, you should still see it as an opportunity. Just make sure that you give cyber security the time and attention it deserves – and that means paying attention to training your people as well as ensuring your IT systems are secure.
Remember, around 90% of successful attacks are down to human error. Now is the perfect time for organisations to do what they can to avoid being part of that statistic.