In spite of investing tons of money in security, organizations still fall victim to data breaches. Why? Because security doesn’t work if people don’t use systems securely. Click on a link in the wrong e-mail and all of that security investment goes out the window. Recent news events and surveys of IT security professionals reveal that the biggest cybersecurity risk comes from people. Your systems are only as safe as the security knowledge of your least knowledgeable worker.
As a tax professional, I have a figurative bull’s-eye on my back, especially when it comes to phishing e-mails and other hacking attempts. But I’m not “special.” Phishing e-mails are among the most popular mechanisms hackers use to lure you or your workers into unknowingly exposing your systems to attack. Phishing attacks are used to obtain bank account information, wire instructions, system logon credentials and personal identifying information.
Systems can also be at risk from actions, or lack of action, on the part of system users with administrative privileges. A prime example is when a System Administrator fails to change the manufacturer’s default password to a unique password. A door to that system is easy to open if a hacker knows or guesses the default password, leading to unauthorized access and leaving data vulnerable. Make sure your business follows best practices to change default passwords upon installing or updating applications.
Training and periodic reminders are essential to enhance awareness and keep workers on their toes. Traditional training, like webinars and documentation, makes people aware of cyber threats and vulnerabilities. Use real-life examples from the news to illustrate risks that workers should look out for. A few scary, true stories about accessing and stealing sensitive data will open their eyes. It’s a great way to help your workers recognize when they are the target of phishing or another scam.
Organizations can be vulnerable to hackers in spite of large investments in security. Your systems are only as safe as the knowledge of your least knowledgeable worker. News events and industry surveys reveal that people present the greatest cybersecurity risk. Organizations can mitigate the people risk with training, periodic reminders and by following best practices to change manufacturers’ default passwords.