Human errors cause major IT security problems for small businesses
Candid Wüest recalls the time he worked with a client whose systems were infected with ransomware after an employee fell victim to a phishing attempt. The individual was tricked into downloading and running a file, thinking it came from someone in the IT department.
The breach was devastating enough that the company had to shut down operations for the rest of the day – and the next day as well.
“The employee accidentally left an attack on the network,” says Wüest, now vice president of cyber protection research at Acronis. “This human error required the company to spend significant time and financial resources to recover from the attack.” It took several weeks, he adds, for the company to complete its investigation into the attack and ensure there were no other compromises in its network.
Unfortunately, human error still plays a key role in many cybersecurity attacks. In 2021, 44% of security incidents were caused by employees falling victim to phishing or other non-malicious violations of security policies, up from 36% the previous year, according to IDG's 2021 Security Priorities Study. This was the case even though almost half of the respondents prioritized employee security training and awareness.
Human error remains a factor simply because people are creatures of habit and sometimes bypass security protocols rather than adapt to them.
“Another reason is that individuals often feel rushed and overworked, which can lead to carelessness, especially when checking emails,” Wüest says. “Most people have probably been trained in how to avoid phishing emails, but checking links or manually typing known, legitimate domains into the browser window takes time, so these actions are often ignored.”
How Small Businesses Can Protect Their Systems
Business leaders must remain committed to instilling safety as part of the culture.
“Training employees on proper safety procedures cannot be a one-size-fits-all solution,” says Wüest. “The corporate culture must continually build a safety mindset. This strategy must come from the top down.”
Continue to hold regular training sessions. “Phishing tests can also be run to help employees see how easy it is to fall for phishing attempts. However, this should be used to educate employees, not to punish them.”
“Security procedures should be a regular topic of conversation at meetings, and any potential issues should be widely discussed,” he adds.
But while education and a culture of vigilance can reduce your risk surface, any system that relies solely on human judgment will almost inevitably see flaws – and it only takes one failure to jeopardize an entire organization.
Modern security solutions incorporate automated defenses, such as multi-layered anti-malware capabilities, that counter threats immediately on contact, while URL filters can flag suspicious addresses and prevent users from encountering most cyberthreats.
Even if you don’t have a strong in-house IT team, there are third-party services to suit any budget. Managed service providers can bring your systems up to proper security standards without breaking the bank. With average ransomware payouts now exceeding $100,000, it’s time to invest in proactive protective measures. The very existence of your business depends on it.
Copyright © 2022 IDG Communications, Inc.