Ask the Expert: The role of human error in cybersecurity breaches


This article first appeared in the Union Leader in March 2022

IN TODAY’S modern environment, almost everything we do, both in our personal and professional lives, is connected to the digital space. While the advancement of technology has brought significant improvements to our daily lives, there’s a price to pay for it. Cybercrime has become a major issue for companies and individuals alike in the past few years.

The pandemic only made things worse: since it began, the FBI has reported a 300% rise in reported cybercrime. While software flaws and development mistakes are sometimes the root cause of an attack, human error remains a contributing factor in roughly 95% of cybersecurity breaches.

So, what are the specific threats companies face? How can business leaders protect their organizations? Let’s take a look at some of the main cyber threats involving the human factor and the best practices for mitigating the risks associated with them.

Top cyber threats that occur due to human error

Hackers are constantly finding new ways to exploit human weaknesses, and the types of attacks they use are more varied and harder to spot than ever. The techniques available to malicious actors are practically endless, but some are far more common than others.

Here are the top threats that occur due to human error:

Phishing

By far the most popular technique, phishing is a social engineering scheme that attempts to lure people into sharing sensitive data, transferring money, or clicking on a malicious link or file. Hackers use a fraudulent message to trick users into believing that the message comes from a trusted source. Statistics show that at least one person clicked a phishing link in around 86% of organizations.

The first step in mitigating the risks associated with this threat is learning how to recognize a phishing email. This is what you should pay attention to:

The “from” email address: check that the sending domain is exactly the one you expect, letter for letter. Lookalike domains with a swapped, missing or extra character are a common trick, and the display name shown next to the address can be set to anything.

Suspicious attachments or links: Do not open attachments unless you’re sure that the message comes from a trusted source. Also, hover over (or, on a phone, long-press) each link to see where it really leads before clicking; the text of a link and its actual destination can differ.

The message: Phishing emails often try to create a sense of urgency, induce fear or exploit natural curiosity. Many are poorly written and contain grammatical errors, but well-crafted ones are not, so clean prose is no proof of legitimacy.

Always think twice before clicking on any links, opening attachments, or giving away sensitive information.
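The three checks above can be automated for a first pass over incoming mail. The following Python script is an added example, not code from the original column or from Symbol Security: it parses a raw message, compares the sender domain against an assumed list of the organization’s own domains (`TRUSTED_DOMAINS`, here just example.com), flags lookalike domains and a display name that claims to be internal, lists risky attachment types, catches links whose visible text points somewhere other than their real target, and looks for urgency wording in the subject and body. Both sample messages are constructed for the example. It is a heuristic triage aid, not a replacement for a mail-security gateway.

```python
"""Heuristic phishing triage (added example): sender address, links/attachments, message tone."""
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the organisation's own domain(s); mail from anywhere else counts as external.
TRUSTED_DOMAINS = {"example.com"}
URGENCY_WORDS = ("urgent", "immediately", "within 24 hours", "suspended", "verify now")
RISKY_EXTENSIONS = (".exe", ".js", ".vbs", ".scr", ".htm", ".html", ".iso", ".lnk")
DOMAIN_RE = re.compile(r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", re.I)

class _LinkExtractor(HTMLParser):
    """Collect (visible text, href) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def registrable_domain(host):
    """Crude 'primary domain': the last two labels (no public-suffix list here)."""
    return ".".join(host.lower().strip(".").split(".")[-2:])

def lookalike(domain, trusted):
    """Return the trusted domain that `domain` imitates by one substitution,
    insertion or deletion (examp1e.com, exmple.com), or None."""
    for t in trusted:
        if domain == t:
            return None
        if len(domain) == len(t) and sum(a != b for a, b in zip(domain, t)) == 1:
            return t
        if abs(len(domain) - len(t)) == 1:
            short, long_ = sorted((domain, t), key=len)
            if any(long_[:i] + long_[i + 1:] == short for i in range(len(long_))):
                return t
    return None

def triage(raw_message):
    """Return a list of human-readable findings; an empty list means nothing was flagged."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []
    # 1. The "from" address: exact domain, lookalikes, and a display name that claims to be internal.
    display_name, addr = parseaddr(msg.get("From", ""))
    from_domain = registrable_domain(addr.rpartition("@")[2]) if "@" in addr else ""
    if from_domain and from_domain not in TRUSTED_DOMAINS:
        hit = lookalike(from_domain, TRUSTED_DOMAINS)
        findings.append(f"sender domain {from_domain} looks like {hit}" if hit
                        else f"sender domain {from_domain} is external")
    for t in TRUSTED_DOMAINS:
        if t.split(".")[0] in display_name.lower() and from_domain != t:
            findings.append(f"display name '{display_name}' does not match sender domain")
    # 2. Attachments and links: risky file types, link text that hides the real target.
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(RISKY_EXTENSIONS):
            findings.append(f"risky attachment {name}")
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    if body and body.get_content_type() == "text/html":
        extractor = _LinkExtractor()
        extractor.feed(text)
        for visible, href in extractor.links:
            shown, target = DOMAIN_RE.match(visible), urlparse(href).hostname or ""
            if shown and target and registrable_domain(shown.group(1)) != registrable_domain(target):
                findings.append(f"link text shows {shown.group(1)} but points to {target}")
    # 3. The message itself: pressure and urgency cues in the subject or body.
    cues = [w for w in URGENCY_WORDS if w in (msg.get("Subject", "") + " " + text).lower()]
    if cues:
        findings.append("urgency language: " + ", ".join(cues))
    return findings

# Constructed sample messages (not real mail): a lookalike-domain phish and a routine internal note.
SAMPLE_PHISH = """\
From: Example IT Helpdesk <support@examp1e.com>
Subject: URGENT: your password expires today
Content-Type: text/html; charset="utf-8"

<html><body><p>Your password expires in 2 hours. Verify now to keep access.</p>
<p><a href="http://accounts.mail-verify.net/login">https://portal.example.com/reset</a></p>
</body></html>
"""
SAMPLE_LEGIT = """\
From: Bob Smith <bob@mail.example.com>
Subject: Q3 planning notes

Hi Alice, the notes from today's meeting are on the shared drive. Bob
"""

if __name__ == "__main__":
    for label, sample in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(label, triage(sample) or ["nothing flagged"])
```

Running it prints four findings for the constructed phish (lookalike sender domain, mismatched display name, link text pointing at a different domain, urgency wording) and nothing for the internal note. The domain logic is deliberately simple: a production filter would use the public-suffix list, check SPF/DKIM/DMARC results, and expand the attachment and wording lists from real incident data.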

Password attacks

Passwords are one of the major weaknesses in your company’s security. Despite the increasing number of threats, many people still have poor password hygiene, with “123456” being the most common password in the world.

Making sure your employees follow best security practices when it comes to their passwords requires minimum effort but can significantly reduce security risks.

These practices include:

Use 2FA/MFA: Make sure your employees stay safe with two-factor authentication (2FA)/multi-factor authentication (MFA), as adding extra layers of security makes it much harder for hackers to compromise an account.

Don’t reuse passwords: There should be a different password for every account. This way, if an account is compromised, the hacker doesn’t get access to all the other accounts. To keep track of all passwords, implement a password manager.

Change passwords when there is reason to: Many policies still require a change every three months, but current NIST guidance (SP 800-63B) recommends against forced periodic changes, because they push users toward predictable variations of the same password. Instead, require a change whenever a password may have been exposed, for example after a phishing incident or a breach of a service where it was used.

Use long passwords: Advise users to use passwords of at least 12-15 characters that mix letters and digits. Length does more for security than the mix of character types, so a passphrase of several unrelated words is both stronger and easier to remember than a short string of symbols.
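As an added example (not from the original column or from Symbol Security), here is a Python policy check that encodes the practices above: minimum length, a block list of common passwords, letters plus digits, and a reuse check done against salted PBKDF2 hashes of earlier passwords rather than the passwords themselves. The short `COMMON_PASSWORDS` list and the `history` and `other_accounts` inputs are assumptions for illustration; a real deployment would use a large breached-password corpus. Note that reuse across different accounts can only be checked by something that holds all of a user’s passwords, which in practice means a password manager.

```python
"""Password policy check (added example): length, common-password block list,
letters plus digits, distinct characters, and reuse against salted hashes."""
import hashlib
import hmac
import os

MIN_LENGTH = 12
PBKDF2_ROUNDS = 200_000
# Constructed stand-in for a real common/breached-password list (real lists hold millions of entries).
COMMON_PASSWORDS = {"123456", "password", "qwerty", "123456789", "12345678", "111111", "letmein"}

def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256. Returns (salt, digest); that pair is all that gets stored."""
    salt = salt if salt is not None else os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)

def matches_any(password, stored):
    """True if `password` hashes to any (salt, digest) pair in `stored`, using a constant-time compare."""
    return any(hmac.compare_digest(hash_password(password, salt)[1], digest) for salt, digest in stored)

def evaluate_password(password, history=(), other_accounts=()):
    """Return the list of policy violations for a candidate password (empty list = accepted).

    history:        (salt, digest) pairs of this account's previous passwords
    other_accounts: (salt, digest) pairs of the user's passwords elsewhere, as a
                    password manager that holds them all could supply
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears on the common-password list")
    if not (any(c.isalpha() for c in password) and any(c.isdigit() for c in password)):
        problems.append("needs both letters and digits")
    if len(set(password)) <= 3:
        problems.append("too few distinct characters")
    if matches_any(password, history):
        problems.append("reuses a previous password for this account")
    if matches_any(password, other_accounts):
        problems.append("reuses a password from another account")
    return problems

if __name__ == "__main__":
    previous = [hash_password("Winter2023!abc")]  # constructed earlier password for this account
    for candidate in ("123456", "Winter2023!abc", "aaaaaaaaaaa1", "correct-horse-battery-7"):
        print(candidate, "->", evaluate_password(candidate, history=previous) or ["accepted"])
```

The hashes use 200,000 PBKDF2 rounds, so each check takes a noticeable fraction of a second; that cost is the point, since it is what slows an attacker who steals the stored pairs. The `history` check is what prevents users from cycling back to an old password after a forced change.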

Public Wi-Fi

While it’s no secret that public Wi-Fi is risky, many people continue to use it, even for work-related tasks. On a network you do not control, anyone else on it, or whoever operates the access point, can read traffic that is not encrypted, and a rogue hotspot named after the coffee shop or hotel can sit in the middle of the connection. TLS (the padlock in the browser) keeps an eavesdropper from reading a session, but it does not help when an application sends data in the clear, when a user clicks through a certificate warning, or when a fake captive portal asks for the user’s email credentials.

Stolen data is not the only potential consequence: a malicious hotspot can also be used for identity theft, malware delivery, and snooping on which sites and services a device talks to.

It’s important to be aware of these risks in order to keep your data safe. When public Wi-Fi cannot be avoided, connect through the company VPN, confirm that sites load over HTTPS, and avoid signing in to anything sensitive.

Best practices for keeping your company safe

Business leaders need to understand that ensuring their company’s security starts by mitigating the risks associated with the human factor. Investing money in sophisticated security software is not enough unless employees are also trained on how to spot and prevent cyberattacks.

Let’s take a look at some easily achievable security practices that all companies should consider:

Security awareness training: This is the single most effective way to reduce human cyber risk. Unfortunately, while companies acknowledge that the human factor is one of the main causes of security breaches, only a few of them take action and invest in the education of their employees.

Implement a password manager: You can store your passwords in an encrypted form by using a password manager. Plus, it can help you create more secure passwords to keep your accounts safe.

Stay alert: Promote a strong cybersecurity culture in your organization. Make sure that your employees are aware of the potential threats, and always keep an eye out for any suspicious activity.

Also, keep in mind that when it comes to cybersecurity, prevention is always better than recovery.

A safer future

The change toward a safer future starts with minor adjustments that all companies can and should take. Fortunately, more and more business leaders have begun to understand the importance of cybersecurity and promote security awareness in their organizations.

The New Hampshire Tech Alliance, in partnership with the New Hampshire Small Business Development Center, has launched a free Cybersecurity Review program for businesses with up to 500 employees. Businesses will be able to meet with a cybersecurity expert who will provide a customized evaluation with actionable and achievable steps they can take to start protecting their business immediately.

This is a limited opportunity, and once the program is full, applications will no longer be accepted. The program is provided at no cost to businesses thanks to CARES Act funding through the NH SBDC. Visit nhsbdc.org/cybersecurity/reviews for more information.

Eric Anderson is the vice president, sales & channels, at Symbol Security.