When it comes to cyber-crime, the cost of human error can be very damaging. The unfortunate thing is that we are making things far too easy for the cyber criminals.
We are now in the digital age. This means everything is online or stored on some device. We all use smartphones and tablets, and it is hard to imagine life without them. With the introduction of cameras on our mobile devices and better and faster Internet access, it is easy to take a picture and send it to a Facebook or Instagram account, and a copy of that picture is then automatically stored in Microsoft OneDrive, Dropbox, Google Drive, etc. Sharing all this personal information makes it very easy for the nasty people who partake in cyber-crime to social engineer you. So, a key message we have to put out there is: do not share personal information like your date of birth, where you were born or your mother’s maiden name on Facebook. This just gives cyber criminals a head start in guessing your passwords.
Information is now key, and we can’t get enough of it, but it is also very dangerous. You don’t know who is uploading information to social media and, more importantly, what is embedded in it. Social engineering is rife. It is going on at every level, and it is sad to say that the easiest way to compromise a person or a business is through a botnet on a mobile device. The human part is wanting to look at everything and not always thinking before acting. It only takes one click and you could be infected!
The Cost of Human Error – Phishing
If your smartphone gets infected, you will, eventually, give someone your Internet banking details. You will have people looking at your emails. You will have someone accessing your online data, which could be personal or work-related.
I heard a story at a recent cyber conference where the child of a Managing Director had downloaded a game onto his iPhone. This game contained a botnet which allowed the attacker to see what emails were coming in and going out of their account. It transpires that the attacker spoofed the MD’s email and sent a false email to the Finance Director telling him to change the bank account of a major client and pay the latest invoice into it. The FD, thinking it was legit, made the payment of £500k. The rest, as they say, is history!
This is becoming all too frequent, and attackers are getting smarter and more devious. So, in this case, the cost of human error was £500K, and we can measure that. But there are a lot more examples that you can’t put a monetary cost on.
The Cost of Human Error – Disruption to Business
Ransomware is very high profile in the news. Lots of companies have been attacked at some point over the last few years, but we only really hear about the big attacks. If your company has been infected with a ransomware virus, then the cost of human error can only be measured in how long it takes to get the systems back up and running. If you are an online retailer and your website is attacked, then the cost is the loss of business from the time the site goes down until you get it back up. More importantly, in this instance your reputation has been damaged and, sadly, the cost of human error will never be known.
If a ransomware attack gets into your internal file system and important files are encrypted, then the cost is downtime: users can’t work while your IT department brings down your systems to investigate and clear out the virus. Depending on what kind of storage and disaster recovery solution they have, this could take anywhere from minutes to hours, or even days.
Unfortunately, we can’t do anything about our human instincts for information. What we can do, though, is everything possible to reduce the chances of you getting infected.
Security Tips to help protect yourself and your business.
- Ensure every device has Anti-Virus enabled.
- Never use your Internet banking over free Wi-Fi. Wait until you have a good 4G connection or you are on your own secure connection.
- If you provide Wi-Fi services to staff, make sure you have a guest network and keep all non-company mobile devices off the Local Area Network.
- Ensure you have policies in place to restrict who has access to company data – only the people that need to know should see data.
- Corporate firewalls should be locked down and only the necessary ports should be open.
- All passwords should be 15 characters long and have a mixture of letters, numbers and special characters.
- Backups with version control should be in place and carried out at least daily. Everybody, no matter what size of business, should have at least 3 copies of data. The 1st copy is your main production data. The 2nd copy is your backup. The 3rd copy should be in a separate location; this is where the cloud is very useful. If you are a small business or sole trader, then have an external hard drive that you only plug in when doing backups.
The cost of human error is plain to see. The only way to stop it is to ensure that you, your business, your business users and your friends are educated against the threats. There are a lot of other security procedures we could mention, but most are common sense. If you are not sure of the best route to take, then please feel free to contact us at www.weareunleashed.com or phone 0333 240 0565.