Think about the security of your house. It would be most convenient to not have a door so you can just walk in as you please. But in order to stop the wind and stray animals walking in too, you add a door for privacy. On top of that you add a lock so that your house is more secure.
That’s accepted practice these days for houses – and you can of course go further by adding locks to the windows & gates, alarm systems, biometric scanners and why not throw in a security guard who checks ID.
The more security layers you put in place, the less convenient access tends to become.
Businesses need to decide how they want to handle this balance.
Most attacks require user interaction to succeed.
What’s the easiest way to infiltrate a business network? Get someone else to do it for you.
What does that mean exactly?
It would be hard for you to walk into an office and sit down at someone else’s computer then start doing “bad things” like stealing data or making bank transfers. Someone would surely see you and you’d be caught very easily.
Cyber criminals trick authorised staff members into doing their dirty work for them, without the victim even knowing it. These crimes come in various shapes and forms:
- Phishing – a “bait & catch” scam where an email looks like it’s coming from a trusted source, e.g. utility bills asking for payments, delivery companies with fake updates or banks asking you to log in
- Spear phishing – similar to phishing, however the emails are personalised to a victim and appear to originate from a friend/family member/colleague asking for personal information
- 419 scam – a scam that involves sending an advance fee in order to receive a larger sum of money. e.g. Lottery emails & deceased estates
- Malware – Malicious Software that is introduced via email, downloaded software or operating system vulnerabilities which can be used to infect, destroy or hijack computers
- Ransomware – a type of malware that locks computer files until the victim pays a ransom to unlock the files
The list goes on… (unfortunately).
And all of these infections and scams are initiated by end-users who have been tricked.
Do you throw your resources at technology to block attacks or at training your staff?
Technology and User awareness
Unless you’re willing to stop using email or just shut off all external access to your network (which includes internet AND people bringing in USB drives), you’re going to have a security problem.
The best approach is ensuring you have the core bases covered, plus some additional measures if your budget allows for it.
Your Cybersecurity budget depends entirely on how much importance you put on your IT environment. If your business can’t operate without it, then you need to protect it like you do your house.
CNS have a dedicated Cybersecurity Team who are specialised in both the technologies AND the education of staff.
We run Cyber Security Awareness Sessions for current and prospective customers. Contact us to have a chat with one of our Cybersecurity Team and schedule in a session.