It’s a startling statistic, isn’t it? But it’s true. In 2019, nine in ten of the nearly 2,400 cyber breaches reported to the Information Commissioner’s Office (ICO) were caused by end users.
What’s more worrying is that this is an increase on 2017 and 2018, where user error accounted for 61% and 87% respectively. You can see the latest ICO data security incident trends here.
For those cases reported to the ICO, the main causes of a breach were:
- Phishing scams
- Malware
- Ransomware
- Hardware and software misconfiguration
- Forced password attacks
In some cases, although not directly reported to the ICO, malicious activities by existing or past employees can also cause cyber harm to businesses.
What mistakes do people make?
Of course, scammers and hackers are sophisticated, so in most of these cases, whilst human error is certainly to blame, it’s because users don’t know how to spot the signs. Key things that we humans do to let hackers in include:
- Clicking links in an email from an unknown sender
- Clicking links on unfamiliar websites
- Opening email attachments from an unknown sender
- Using removable storage devices without getting them checked or approved
- Giving out personal details, including PIN details or passwords
- Logging into systems on public wifi
And why do they make them?
People are busy. They often get emails from new sources or newsletters and offers popping into their inbox. Since March 2020, many of them have been working from home, and it’s likely that many will continue this as businesses return to a mix of office and remote working.
All of these things, plus a general lack of awareness about how to check for potential scams or hacks, means that both people and systems are vulnerable.
And scams are sophisticated. So people often click on a link or open a document before they’ve even really thought about it – because the sender’s name seems genuine and the email itself is convincing.
Hackers rely on your mistakes
Cyber crime is an industry. It’s built on very clever people who know how to manipulate others and access well-protected systems.
So your defence has to be equally sophisticated and hard-hitting. And that starts with shutting down – as much as possible – the paths that hackers use to get into your business.
For your people, that’s all about training. Learning how to spot when something isn’t quite right. Understanding what to look for. Having the time to take a proper look at a new email or request before taking any action. And learning that sometimes that action is to report the email to your IT experts so they can check it out.
There are a few very simple things you can do right now:
- Make your passwords longer – add a number and a symbol, and save all your passwords somewhere safe, like a password manager.
- Stay alert and recognise what phishing or ransomware attacks look like so you can take action. Not sure how to do this? Psybersafe training will show you, and build helpful habits so you protect both you and your company.
The more your people know, believe and understand about their role in protecting your business, the better they’ll be able to do it. And that could help you to make sure you’re not part of those scary statistics.
You can register for a Psybersafe trial today – try us out to see how we can make a difference!
Mark Brown is a behavioural science expert with significant experience in inspiring organisational and culture change that lasts. If you’d like to chat about using Psybersafe in your business to help you stay cyber secure, contact Mark today.