What is “IT”? You never know where “IT” could be. Lurking around the printer, responding to e-mails, or answering phone calls.
Maybe "IT" comes in an unexpected e-mail from your coworker, Ted. You click on the link inside without hesitation. Ted is notorious for sharing the best memes. Why wouldn’t you? You wait for the webpage to load with anticipation but the page never loads - oh well, there's work to do. Did you notice that Ted's email address was misspelled? What about the web address that the link was sending you to? It was different than the link in the email.
If you haven't already guessed, you (and your employees) are "IT" and you're terrorizing your company's network.
You are so busy trying to keep up with the pace of your busy day that you didn't think twice before clicking. You probably won't notice right away, but that link just downloaded a virus to your computer. Maybe your virus protection alerts you right away. Maybe you don't find out for a week until it has spread through your company's network, infecting vital servers. It depends on which of the MILLIONS of different viruses you have been infected with.
Why does this continue to be a problem?
The most common vulnerability in these attacks and the biggest security threat to your business is the PEOPLE. Cyber criminals engineer their attacks to take advantage of this weakness and often focus on tricking you and I into letting them in. Other methods exploit weaknesses through our failures.
How are employees putting businesses at risk?
- Using common or simple passwords
- Sharing passwords or making them easily accessible
- Accessing company resources through unsecured devices or networks
- Sharing sensitive info without verifying the recipient's identity
- Losing unencrypted devices (phones, laptops, USB drives, etc.)
- IT administration oversights or mistakes
- and so much more
Who is at risk?
While you hear about breaches and attacks at larger companies like Equifax, small to medium businesses are a constant target and far less secure. According to Symantec, 74% of small business owners have been targeted in the last 12 months.
In reality, everyone is at risk, even on a personal level. The security threat landscape has changed with the incredible growth of Ransomware in recent years. It has become accessible to anyone, despite technical knowledge, lowering the bar to become a cyber criminal to almost nothing. It's cheap, easy to spread, hard to track, and it makes criminals money. It's called Ransomware-as-a-Service and could even come from a malicious employee.
What's the solution?
The inevitable vulnerability of human error can only partially be solved through technology and security measures. The most effective way to address it is through employee education. At SumnerOne, we like to call this being a Critical Consumer. You can read specifics on the topic in this article: Human Error and Cyber security: 4 Ways to Mitigate the Risk.
What about technology based security risks?
What are those vulnerabilities and how do they apply to a small to medium businesses? Read on in our follow-up blog: Small to Medium Businesses Need Security Too!
We want to help you and your business. Whether you are in need of a security assessment or you just want more information about becoming a critical consumer, we are your resource. We want to help your business to run more smoothly than ever. That includes service, solution, and the occasional tips on employee education. Contact SumnerOne, we're ready to help.
Originally published October 5, 2017, updated April 20, 2018