Despite the ongoing business focus on investing in strong cyber security, one of the greatest causes of data breaches is often ignored – employees themselves. According to a 2014 report by IBM, 95 per cent of IT security breaches are caused by human error.
There is a lot to be learnt about security, and it’s an ongoing process as hackers continue to get more sophisticated in their attacks. If your company is the victim of a data breach, it can be distressing for your customers and colleagues, but finding out where the risks lie can save you from major threats today and in the future. Here are three ways that you might be risking your organisation’s safety and how to avoid them.
1. Opening emails from unknown senders – or known ones
Sometimes cyber attackers will use a method as simple as sending a piece of malware in an email – as we saw with the data breach on American retailer Target. An email containing a piece of malware was allegedly sent to a heating, ventilating and air conditioning company that works with Target and, using stolen passwords, the cyber attackers accessed the credit and debit card details and other personal information of an estimated 110m people.
Downloading attachments from unknown senders is a big risk. If you’re unsure about anything that lands in your inbox, your first action should be to report it to the security team or IT support.
Increasingly, attackers are hijacking what could be known accounts, attaching dangerous files – i.e. you recognise the person emailing you. A PDF from someone you know is probably fine, but if you receive an email with a .exe file, for instance, don’t open it without turning to IT support first.
2. Password protection
How often do you find yourself resetting passwords or asking for reminders because you’ve forgotten yours? With so many accounts and passwords to remember, creating a “secure” password is becoming less of a priority.
You’ll have heard of the usual ways to make strong passwords, like a mixture of uppercase and lowercase letters, numbers and symbols. But it’s also about being careful where you enter your password. Think twice before giving it out. The most common way to be tricked is through phishing, or from emails that direct you to a seemingly legitimate site to enter your password.
An effective way to ensure better security over accounts is through two methods of authentication (multi-factor), such as a password and unique code sent to your mobile each time you log in. If your company doesn’t have this policy in place, it could be something you highlight to the security team as an effective method of security defence.
3. Connecting to free Wi-Fi
The phrase “there ain’t no such thing as a free lunch” rings true here. The free Wi-Fi that’s up for grabs in cafes, hotels and restaurants isn’t always secured properly and, by connecting to it, you could be putting your data or that of your company at risk.
All it takes is a portable device and a smartphone for a hacker to hook up to the Wi-Fi and redirect all the devices connected to it, without their knowledge. Once they’ve got you connected, they can access just about anything; names, addresses, passwords and bank account details. If you often find yourself in a cafe needing to do some work, protect your device by installing encryption and antivirus apps such as Avast or Bitdefender to keep the hackers out.
Cyber security threats are only going to grow as technology becomes more embedded in the everyday working environment. Business leaders and employees need to work together to prevent hackers from finding the opportunity to breach company firewalls, and being aware of these risks is the first step in doing so.