Today’s IT environment has changed drastically. Security protocols are more critical than ever before. From the introduction of new technologies such as IoT devices to employees’ transition to a WFH environment, businesses are dealing with many new threats, with even more on the horizon.
Most organizations understand online risks and protect their people with the latest hardware and software. Unfortunately, many companies only focus on tools that cover the perimeter, manage endpoints, and patch their systems. These are all well and good, but many companies miss one key element in their cybersecurity strategies: circumventing human error.
People can be the greatest threat to the defense of business information. Industry experts and researchers attribute 95% of cyber breaches to human error, and both executives and policymakers agree that employees pose the most significant risk.
Typically, users focus on their own work responsibilities and have little regard for information security. Employees often increase the attack surface by using personal devices and utilizing unsecured networks while operating offsite. Perhaps unsurprisingly, many breaches start with a user accidentally installing crypto-malware or granting administrative access to a scammer through email communications.
Why does this happen so often? Quite simply, the lack of user security awareness and training keeps cybercriminals coming back for more. Without the right knowledge, employees will make mistakes.
Attack Vectors
Well-meaning employees can cause a data breach in a matter of seconds by falling for one of the many social engineering techniques. Here are some of the most common schemes your clients’ employees and other system users will undoubtedly face.
- Phishing attacks are by far the most common technique: cybercriminals use email or SMS messages to trick users into divulging information or visiting a malicious site. A great example of this scam was making the rounds in August. The attack took the form of an email claiming the user’s incoming messages had failed and instructing recipients to visit the OWA portal. Of course, the link did not take them to a certified website; instead, it directed readers to fake login pages typically loaded with malware.
- Whaling is similar to phishing, except the target is usually a C-Suite executive or someone with the ability to make financial decisions. The end goal is to hijack that user’s email and trick subordinates into releasing sensitive data or providing access to bank accounts or other valuable information.
- Voice phishing attacks are not new, yet many people fall for these schemes every year. In these situations, the scammer pretends to be from a technical support team and tricks employees into sharing credentials for various applications. In August, MSPs saw a great example of these attacks, with cybercriminals impersonating IT personnel attempting to troubleshoot VPNs.
Of course, not every data breach begins with an external attack. Unscrupulous employees can also damage a business’ reputation by sharing insider information or exposing systems that could compromise their employer’s compliance status. Other internal failures include employees forwarding emails to the wrong recipients, inadvertently sharing sensitive company data with people outside the company.
When you consider the current environment and the upheaval of traditional workplaces, MSPs must factor employees’ stress into the equation. Anxiety breeds mistakes. According to a recent study from New York University researchers, 57% of workers say they make more mistakes when stressed. An incredible 47% of those who fell for a phishing scam suggest distractions were to blame for their failure. The research also suggests the leading causes of misdirected emails are fatigue (43%) and distractions (41%).
Overcoming Threats
Many businesses are not fully prepared to face the current cybersecurity threats. To ensure your customers have the knowledge and solutions needed to protect their company, be sure to add the following standard protection measures:
- Awareness Training
Wounded reputations, non-compliance fines, and revenue losses are all possible when organizations do not adequately train their employees on cybersecurity risks. Every end-user must receive frequent education on the current threats and understand that IT can only do so much to maintain their safety. Employees are likely to treat cybersecurity as a hindrance to their productivity, so make sure to highlight the value of each related company policy and how it benefits them to follow all the protocols. Engage staff with interactive lessons using game mechanics and logic and the promise of rewards. Just having a scoreboard can ensure everyone remains interested and willing to learn.
- Email Protection & Encryption
Those with malicious intent love email. According to KnowBe4, at least 70% (and up to 90%) of all breaches result from social engineering and phishing. Ransomware tops the list of ways users are infected, and though most businesses already employ anti-spam filters, those measures are not good enough to stop most hackers. Offering your clients outbound email filtering applications will help them keep their sensitive data from unintentionally falling into the wrong hands.
Email encryption is also a necessity for you and your customers. Sometimes there is simply no way to avoid sending sensitive information via email. Encryption ensures only the intended audience will see those messages. Mailprotector’s Bracket encryption program protects business data with easy-to-use one-time links that prevent cybercriminals and unauthorized eyes from accessing the messages your clients are sending.
Build A Better Security Posture
Your clients need your expertise now more than ever. Guide your customers onto the right track by implementing effective cyber-policies, proven awareness training programs, and innovative email security solutions.
Don’t let your customers’ employees be their own worst enemy and greatest threat. Transform their team members’ expertise and comfort level so that those individuals can eventually become some of their employers’ most vital security assets.