Solving the human factor behind cyber threats is the most crucial step in averting an attack.
Recently, several major companies, including Twitter, Marriott, SolarWinds, MGM Resorts and Zoom, to name a few, fell victim to cyberattacks. These attacks spanned a wide range of types, including malware, phishing, ransomware, denial of service, man-in-the-middle and zero-day exploits.
Though each of these corporations has substantial cybersecurity resources, they still fell victim to well-resourced attackers who used sophisticated means to gain unauthorized access to their systems and software. Some of the vulnerabilities bad actors exploit are technical in nature, like insecure software, yet the most significant security-related lapses can be attributed to human error.
For managers, solving the human factor in cybersecurity becomes the most crucial step in averting an attack, and this effort starts with turning employees into cybersecurity champions.
Adverse Effects of a Cyber Attack
Cyberattacks adversely affect both large and small organizations. While larger companies are more attractive targets because of the potential payoff, smaller businesses—including credit unions—represent softer targets and are an easily accessible training ground for novice hackers.
The costs of a cyberattack are manifold. A University of Kent study found that cyberattacks can have as many as fifty-seven effects, impacting the physical, economic, psychological, reputational and social well-being of individuals, businesses and even societies.
For large organizations, adverse effects may include reputation erosion and regulatory fines, both of which can result in lost revenue through shrunken market share and encroachment by competitors.
Smaller organizations face a more existential threat from cyberattacks. While a large corporation may suffer millions in losses, this amount is relatively inconsequential in the grand scheme of things. However, a Kaspersky Lab report found that small businesses pay on average $38,000 in up-front fees to recover from a single cyberattack—an amount that, for most small businesses, could very well mean the end.
5 Best Practices to Follow
Avoiding a cyberattack is, therefore, a mission-critical aspect of doing business. Here are five steps leaders must take to prepare employees for a cyber-insecure world.
1. Personal Data Protection
Employees interact daily with sensitive data in the form of passwords, email addresses, admin accounts, trade secrets or other access control credentials. Cyberattacks like phishing, malware and ransomware occur when this data falls into the wrong hands. As such, employees should be educated on how to proactively restrict and protect data access, no matter how seemingly inconsequential—not just in the office, but even while at home, on a personal device or in public.
2. Cyber Access Control
Weak passwords and inadequate cyber access control protocols are some of the easiest ways for attackers to gain access to sensitive data. For instance, when employees reuse the same passwords across multiple work and personal web accounts, it becomes easy for an attacker to access numerous web properties through a single compromised password. Managers can avert this by enforcing robust access control protocols like using a password manager, routinely changing passwords and using two-factor authentication.
3. Secure Network Connections
Insecure networks like public Wi-Fi are another major cybersecurity threat. If an employee uses such a network to access the office network, they may become exposed to man-in-the-middle and data sniffing attacks. A good cybersecurity practice ensures employees never use public networks when working. Since employees often need an internet connection, they should instead connect using a mobile data connection, a more secure option, especially when traveling or in public.
4. Device Updates
Attackers exploit known security vulnerabilities by targeting devices that do not have the required software updates or patches. If employees use company devices, making it mandatory to push remote updates immediately after they are published can avert such attacks. However, if employees currently use a personal device at work, educating them on the importance of keeping all their devices updated and showing them how to enable automatic updates can also be an effective measure against software update-related attacks.
5. Ongoing Training and Sensitization
Awareness and vigilance are at the core of a practical and effective cybersecurity strategy. If employees have a cybersecurity knowledge gap, this might be the weak link that attackers exploit. A comprehensive cybersecurity program can be a powerful weapon in the fight against cyberattacks. The right training and sensitization plan will address all the practices mentioned above in addition to helping employees understand their crucial role in protecting your credit union’s data integrity.
Employee-led cybersecurity is one of the most effective strategies against cyberattacks. While technical tools and cyber liability insurance are a must, empowering employees creates a more secure perimeter wall with fewer gaps that an attacker can exploit. For IT managers and other leaders, this means creating cybersecurity strategies and protocols that factor in employees, turning cybersecurity into an organization-wide collective effort and not just the IT department’s responsibility.
Ashley Lukehart has been writing about the impact of technology and IT security on businesses since starting Parachute in 2005. Her goal has always been to provide factual information and an experienced viewpoint so that business leaders are empowered to make the right IT decisions for their organizations. By offering both the upsides and downsides to every IT solution and consideration, expectations are managed and the transparency yields better results.