With around 90% of successful cyber attacks due to human error, Mark Brown, founder of Psybersafe, says companies should pay as much attention to training their employees as they do to their IT systems.
Businesses have always been vulnerable to fraud, and today’s fraudsters take it to a different level. Not only that, but their methods and approaches change all the time, making it difficult for organizations to keep pace.
The pandemic did not help. Scammers quickly take advantage of new opportunities, and the virus was a giveaway. Phishing attacks using Covid-related messages have increased by 600% and in a single day Google intercepted 18 million emails trying to exploit our curiosity and concern about the pandemic.
Remote working has also given – and will continue to give – hackers and crooks a great opportunity to do more business. This is because our habits change when we work from home. We no longer receive the daily psychological cues that put us in a “safe first” state of mind – things like key passes to enter the office, no logins or exits. No other person locks their laptop when they leave their desk and no important cybersecurity warning signs from IT.
When these signals are lost, we tend to be more relaxed at home. And the pirates know it. Our wifi connections are less secure. We are more likely to be distracted and we may not report concerns as quickly as we would in the past.
Cybersecurity and teleworking
What does this mean for organizations considering hybrid work? Essentially, this means you need to do whatever you can to make sure your employees take cybersecurity seriously, wherever they work. Here, we share the top five ways that a hacker might get into your systems and what you can do to try and prevent them.
Risk 1: Poorly managed corporate data
Your business is bound by the UK equivalent of GDPR, regardless of where your employees are based. Personal email accounts are often easier to hack into than corporate email accounts, and even hard copy output can be potentially damaging.
Make sure that employees don’t send company or customer data to their personal email accounts, or view or print it if they are using a shared coworking space.
Risk 2: Open wifi networks
Teleworkers are likely to work either on their home wifi connection or in a hot-desking space. If the wifi is not secure enough, hackers can easily gain access to the laptops, tablets and phones that use it.
Make sure that employees configure their home network with WPA2 (Wi-Fi Protected Access 2), a network security technology commonly used on wifi wireless networks and used on all wifi hardware since 2006, which encrypts data during their transmission.
It is also a good idea to recommend replacing the default router password with a much stronger password – preferably a password of at least 15 characters and including letters and special characters like * & ^% $.
Risk 3: Check the equipment
Personal devices generally do not have the same level of protection as corporate devices. Hackers will therefore search for people who are using their own devices. They are easier to hack and that means bigger and better return for the hacker.
Make sure that wherever you can, you deliver the devices your employees use and that those devices get the best possible protection. Ditch all policies Bring your own devices if you can.
Risk 4: cybersecurity is forgotten
As we have said before, the normal cues for cyber-secure behavior do not exist at home. This means people tend to be more relaxed – and this presents a real opportunity for a scammer.
Make sure to send regular messages – via emails, video team meetings, and trainings – to keep cybersecurity in mind. Get your employees into the habit of checking anything unexpected, from email attachments to text messages, in order to maintain a high level of vigilance.
Risk 5: People don’t know what to look for
“This will never happen to me” is the first step towards a cyber disaster. Clicking on a phishing link or opening a seemingly innocent attachment takes less than a second, and we all risk doing it. Scams are sophisticated and seem genuine – that’s why they work.
Make sure your employees know what to watch out for. And more than that, make sure they have the right behavior in dealing with potential cyber scams, so that working safely becomes a habit, not an exception.
The importance of employee vigilance
It doesn’t matter how you plan to work in the future. No matter where they are based, your employees could be the target of a cyber scam. As long as scams continue to work and make hackers money – and hackers make millions from their activities – it remains essential that people have the tools and behaviors they need to spot potential problems. and protect both their personal data and that of their organization.
Flexible working is here to stay, and while it may make your organization potentially more vulnerable to cyber attacks, you should still see it as an opportunity. Just make sure you give cybersecurity the time and attention it deserves – and that means paying attention to training your staff as well as keeping your IT systems secure.
Remember that about 90% of successful attacks are due to human error. Now is a great time for organizations to do what they can to avoid being part of these statistics.