Nurturing a culture of cyber awareness in your company doesn’t have to cost a fortune and doesn’t require massive amounts of time – but could save your entire business.
- Over 95% of all data breaches are due to human error.
- By some estimates, 97% of users can’t recognize even a crude phishing email when they receive one.
There is now a much greater level of cyber security risk to SMEs caused by more online collaboration, digital networking and supply chain vulnerabilities. And there is an increasing number of threats, resulting from global events and from cyber criminals having access to more sophisticated strategies and malware tools.
A recent industry survey by Mimecast, the leading provider of email and collaboration security solutions, with whom we work on behalf of our clients, showed the types and proportion of mistakes people make that give cyber criminals a way into a business:
- Poor password hygiene – 80%
- Misuse of personal email – 78%
- Oversharing of info on social media – 77%
- Careless or inappropriate use of smartphones – 75%
- Careless or inappropriate use of collaboration tools – 75%
The fast and effective way to embed cyber awareness into your business culture
When considering priorities for your business you could save yourself a great deal of pain if you do these two things:
- Provide ongoing training to your people in cyber security awareness. On a regular basis (think once a month), send your employees short, engaging emails which explain cyber security issues and remind them how to prevent threats. These could literally stop someone clicking a malicious link and letting a cyber criminal into your business.
- Secure your email. Use the Domain-based Message Authentication, Reporting and Conformance (DMARC) protocol.
Believe us, we know from working with all kinds of people over the years that this is necessary. Employees and business owners at all levels need to recognize that cybersecurity isn’t just an IT issue but something that affects them personally and for which they are directly responsible.
By ensuring that your people can’t forget about cyber security threats and that they know what to look out for and actions to take, you can reduce the risk that the interaction between people, communications and data poses.
For cyber criminals email remains the primary route of attack
The 3 most common types of email threats are phishing, ransomware and spoofing.
1. Phishing
90% of corporate security breaches are the result of phishing.
Sometimes it’s easy to spot a suspicious-looking email – often it has spelling mistakes, isn’t formatted or worded properly – we’ve all seen them. But for every one that is obvious, someone gets duped into opening an email they think is from a trusted party but isn’t. There were an estimated 255 million phishing attempts in 2022, a 61% jump over the previous year. Worse yet, more than 70% of these emails were opened by the recipient.
Among all respondents to the Mimecast survey, 80% said they had experienced at least one attack where the threat had spread from one infected user to another.
2. Ransomware
The concerning thing here is that many business people assume, wrongly, that ransomware attacks only happen to high-profile companies, such as the recent attacks on Royal Mail and The Guardian. Now though, smaller businesses are reporting serious damage from ransomware. Companies in certain industries like energy and consumer services have been found to be targeted by ransomware more frequently.
3. Spoofing
Spoofing attacks – when a cyber criminal impersonates a contact, a brand, the address of a website or an email domain – have increased too. Knowing how to spot these fakes is crucial for all personnel. And, to protect your business as best you can, you should deploy Domain-based Message Authentication, Reporting and Conformance (DMARC) to prevent spoofed emails getting through.
By carrying out the ongoing training in cyber awareness for your staff and deploying DMARC as above, you will help protect your business against these sorts of threats and cyber attacks.