Why you might be the biggest threat to your cyber security
Whilst the common Coronavirus farewell of ‘stay safe’ has slipped into the language almost overnight, it’s worth pointing out that right now it’s a good warning for more than just your health.
Cyberspace piracy is rife, with scams and cyberattacks, already being conducted on an industrial scale, spiking massively during the pandemic and aided because people are working from home.
And the biggest problem area in any IT network is likely to be the ‘chair/keyboard interface – in short, it’s you.
To put the problem into some kind of perspective, let’s consider how many attacks there are. Cybercrime magazine estimated that Asia-Pacific companies were subject to cyber threats every minute, around the clock.
Data losses can be immense, as can reputational damage, especially to those organisations protecting people’s personal data.
Cisco says implementing effective cybersecurity measures is particularly challenging today because there are more devices than people, and attackers are becoming more innovative.
Technology alone won’t work
Technology has some of the answers, providing computer security tools such as next-generation firewalls, DNS filtering, malware protection, antivirus software, and email security solutions, which can be applied computers, smart devices, and routers; networks; and the cloud.
But none of those, no matter how effective, can overcome human error. Even in the writing of this blog, our blogger Stuart Pearcey received an email from QuickBooks asking for payment of an invoice. It was clearly someone trying to steal money; he doesn’t use QuickBooks, so the email went into the bin. Others may not have been so careful.
Cyber criminals rely on people being trusting when they hunt for confidential data such as usernames and passwords, which, once harvested, can be used time and time again to siphon away money. Data breaches like these can continue to do their illicit work for months before anyone realises what’s going on.
The invisible hack
The latest scam is to hack into an email account, and send a fraudulent email alerting a finance department, for example, to a change in bank account details. Since the email comes from a trusted source action is taken, and funds are diverted. The cleverest security software won’t discover a problem, because there isn’t one. The email will look genuine because it is; at all levels. The way to beat that is to have human intervention; to make people think more about what they’re doing. A phone call to the originator of the email changing bank account details would instantly highlight the issue. Increasingly, software is doing this for us as companies build in more security. The latest layer of protection is two-factor authentication. This is the requirement to key in a code, sent to another device, without which a transaction can’t continue.
Our advice to every SME, when it comes to cyber security, is: Trust No-one.
- Invest in the best security you can, from a reputable specialist company with approvals from the industry.
- Encrypt your data.
- Don’t give everyone access to everything
- Use complex passwords
- Teach everyone to be suspicious, all the time
Stay safe & healthy!
Picture: Roobcio | Dreamstime