Human error costs UK businesses £98.6 billion every year in security breaches. Matt Kingswood of IT Specialists (ITS) says the direct line between service desks and customers creates the perfect channel for education.
Ransomware might be the trending topic in cybersecurity news, but it’s not the only cyber threat you should be looking at. There’s another culprit that tends to slip under the radar: people like you and me.
People are responsible for making errors such as accessing an insecure web page, downloading infected software or clicking a phishing link in an email. In fact, of all the data breaches reported in the UK during Q1 2016, ICO data reveals that 62% were caused by human error. According to research by the University of Portsmouth, fraud and human error are costing UK organisations £98.6 billion a year. Unfortunately, that number is even larger, as it doesn’t include undiscovered or unreported instances.
So how do you protect your data from people who press the delete key when they shouldn’t or unknowingly introduce malware to your network? To start, follow the below steps:
Back up data
If despite your best efforts, an employee or vendor deletes your data, you can restore the files and prevent a significant impact on business operations if you have current backups. If your systems are taken hostage by ransomware, rather than paying the ransom (which is never recommended, as it only encourages hackers), data backups are the key to being able to regain access to your files.
Beware of shadow IT
As if the risk posed by human error and ransomware alone weren’t enough to keep businesses on their toes, shadow IT only aggravates the threat. Research from Cisco reveals that CIOs estimate that their organisation has 51 public cloud applications in use, but the actual number is more like 730. If your employees are uploading restricted data to an unauthorised cloud application – such as Google Drive, Dropbox and Evernote – without proper encryption, this increases your security risk.
Another one of the most prevalent threats to data loss on the cloud is the use of software as a service (SaaS). A recent study found that almost 80% of respondents had lost data in their organisations’ SaaS deployments. The top causes were accidental deletion (41%), migration errors (31%) and accidental overwrites (26%).
If your organisation is unaware that employees are even using certain cloud applications, this introduces an unnecessary risk. Creating a strong security culture (this will be addressed more below) in which the IT department strives to address security issues while acting as a trusted adviser will encourage users to enlist IT’s help in selecting and implementing cloud solutions.
Educate employees about security best practices
This is where service desks can really help by talking to their customers about the risks and best practices relating to security. The majority of incidents attributable to human error are associated with sheer carelessness or lack of knowledge about how to properly handle data. For example, according to research from Verizon, people opened 30% of phishing messages – that’s 7% more than last year – and of those, 13% also opened the attachment, giving malware a clear path to the network.
To protect against threats, employees need to be educated on:
• How to prevent unauthorised access to data. In addition to verifying that they’re sending data to the appropriate recipient, they should consider who else might be able to view the information. When data is uploaded to the cloud or placed in a shared folder on a local area network, the files must be encrypted to deter unauthorised access to the data.
• How to identify phishing emails. Educate employees on how to view emails with a critical eye. Warning signs include poor design, incorrect spelling and grammar, requests for personal details, suspicious attachments and URLs that don’t match the company’s primary domain (to view a URL without clicking a link, users can hover over the link with their cursor).
• How to respond to a suspected ransomware attack. If employees encounter any suspicious activity, instruct them to notify IT as soon as it’s detected. If a device is affected by ransomware, employees should know to stop working on the affected device immediately.
• Why it’s important to apply security patches. With new security threats continually surfacing, hardware and software developers are creating security patches that secure the application or device. Instruct employees to apply these updates promptly to ensure the company’s data and network are protected.
• How to create secure logins. Employees need to create complex passwords that involve special characters, numbers and a mix of lower- and uppercase letters. Whenever possible, use two-factor authentication to increase security.
These steps may seem obvious to service desk employees, but they are not universally understood ideas, so service desks that help educate the business will contribute mightily to protecting the business from the growing IT security threat.