You are the weakest link
A decade ago, an anti-virus solution, firewall and some DLP were thought to be more than enough to prevent threats from damaging your organisation. However, today’s threats are far more sophisticated, and rely on your company’s most valuable assets to succeed – your employees.
Without intending to, an employee can cause major harm to your organisation by falling victim to phishing and social engineering, says Robert Brown, Managing Director at DRS.
“How many of your staff would recognise a phishing email if they saw one? Social engineering, which attacks the human factor, is posing a serious risk to businesses. Clever cyber crooks use these methods to trick their targets into giving them access to confidential information such as login credentials, credit card numbers, or account details.”
He says over and above the legitimate-seeming phishing emails that we have all been sent multiple times, threat actors are now using social media and other popular platforms to launch their attacks.
“These schemes are targeting employees within the organisations in the cyber criminal’s cross hairs, and businesses need to be aware of the risks, and take steps to avoid this scourge. Although most companies have spent a fortune on security tools and measures such as IPS and AV, these tools are not enough to mitigate the risk of social engineering attacks. In fact, they do little to address the human factor at all.”
There are several ways to raise awareness of the human element and make your employees more ‘security savvy’, he says.
“Start by establishing an information security programme, and there are several aspects to consider when developing it. For businesses without a programme in place, or as a minimum benchmark for those with existing programmes, it must contain certain elements, such as meeting compliance requirements, addressing the fast-changing information security threat landscape, and it must reinforce a company’s business culture.”
Establishing and maintaining information-security awareness through a security awareness programme is crucial to any company’s progress and success, he adds. “A robust and properly implemented security awareness programme will help the business with the education, monitoring, and ongoing maintenance of security awareness within the company.”
A successful security awareness programme should also include getting a security awareness team together, as well as security training, role-based security awareness, and the communication of security awareness to and within the business. “It helps here to get a checklist together, to help the company when developing, monitoring, and maintaining a security awareness training programme for employees.”
Another helpful tool, says Brown, is social engineering phishing testing, which can help an organisation pinpoint any vulnerabilities and monitor the effectiveness of its information security training, procedures and policies. These tests would see fake links sent to various employees. Those who click on the link could be redirected to a Web site with information and training resources about phishing. Results would be collated and reported to the security training team.
“At the end of the day, the more aware your employees are, the less likely they are to fall foul of social engineering techniques. Over and above testing, there are several tips you should offer your staff to help them be more conscious of information security. Firstly, don’t open any suspect links or emails. Check any links by hovering your mouse pointer over the link as this will reveal the true link. Scrutinise any company names for small errors like transversed digits or misspellings, as these are designed to work as they are not usually inspected too closely. Also, be leery of email attachments, even if they appear to be from a trusted source.”
Finally, he says, realise that your staff are your organisation’s greatest vulnerabilities in the face of a growing and changing cyber threat landscape. “However, with thorough security training, they could become your company’s best defence too.”
Behind the Scenes
DRS is an ICT services and solutions provider that offers ingenious security services with a portfolio that covers customer needs from the creation of security strategy to the daily operation of point security products. DRS partners with market-leading technology providers to ensure the best possible infrastructure and adds the services to ensure that the chosen products are effectively implemented and operate efficiently.
The company specialises in providing innovation and agility in the areas of information security, IT risk management and IT governance, focusing on key areas ranging from Anti-Malware Protection, Desktop Firewall/Host IPS for PCs and Content Filtering to Perimeter Firewalls, Intrusion Detection and Prevention, Vulnerability and Configuration Management, Security Event Consolidation and Correlation, Data Loss Prevention, Network Access Control, Encryption and more.
DRS is a specialist in the effective implementation of many industry-leading technologies such as Air Defense, AccessData, ArcSight and many more. We strive to excel in all domains while remaining entrepreneurial.