Cyber Security

The Usual Suspects: How Security Awareness Training Prevents Cyber Crime

Written by Amy Hitchmough

Have you been collecting the latest pieces of evidence in our Cyber Clues mystery? The clock is ticking to uncover:

  • what type of malware has compromised the office network,
  • who is responsible, and
  • where the breach occurred. 

The characters in the game represent 6 all-too-common habits that can lead to internal cyber security breaches in organisations of all sizes. 

We often say that your business is only as secure as your weakest link. Your team members and their attitudes toward cyber security can be the best defence or the biggest risk where phishing scams, malware and viruses are concerned. So, let's take a closer look at these characters and how their choices are leaving the door open for cyber crime! 

6 Common Causes of Internal Security Breaches 

1) Unsecured Devices 

Like Tuneful Tara, your staff may be accustomed to connecting personal devices to the network, from mobile phones and tablets to personal USB drives or laptops. In theory, a BYOD (bring your own device) policy can be excellent for saving on hardware, but these unsecured devices represent tens or hundreds of entry points for cyber criminals to sneak into your IT systems. 

As remote working increases in popularity, consider endpoint security, which works in tandem with your existing security systems to help you:

  • vet new devices 
  • monitor connectivity
  • encrypt data
  • whitelist certain applications
  • successfully block any harmful activity

2) Delaying Security Updates 

Postpone Pascal really dislikes it when a new software and security update changes the settings on his computer, so he always puts them off for later. Does this sound familiar?

Although updates can take some time and re-arrange some of your settings, they are absolutely worth the effort. Old and unpatched software likely contains weak spots that can be easily manipulated and hacked. Updates are often released solely to improve security. 

A cloud-powered service like desktop virtualisation allows for regular software updates that are centrally managed and applied to every virtual machine (VM), so individual users aren't able to delay the updates like Pascal.

3) Clicking Suspicious Links

Are you guilty of being like Clicky Cameron? He's very thorough, although he can't help but click on every link, attachment and website he sees. Whether it's a targeted ad or an unfamiliar email, curiosity gets the better of him every time. 

Unfortunately, statistics show that 91% of sophisticated cybercriminals start their attacks through email. Those links that Cameron can't resist clicking are one of the simplest ways for viruses to infect your network. Training your staff to be extra cautious about unknown links is incredibly important!

4) Weak Passwords 

Forgetful Fabio can never remember the passwords for all his different accounts, so he keeps them simple and similar...and he writes them down! Everyone in the office knows that they can pop by his desk or send him a quick message for the password to any shared log-ins. 

Multi-factor authentication is just one of the layers of security that you can add to help individuals like Forgetful Fabio. Regularly changing passwords and using password management software are also recommended. 

5) Sharing Sensitive Information 

Whimsical Wilma sees the best in everyone, and she's happy to share information about company policies...anything, really, with whoever wants to know! Unfortunately, what she doesn't realise is that this slow drip of information (about the software they use, where information is stored and who has access to it) is a massive security risk! Adopt a company policy of only sharing information on a 'need to know' basis, and stay firm!

And, finally, 6) Skipping the Office Security Awareness Training. 

At SysGroup, we understand that your employees may not be thrilled about seeing "Security Awareness Training" on the schedule. Busy Bimela is a prime example of this attitude. She knows it's important, but she's just too busy! After all, she's not part of the IT department, so she doesn't need specific training, right?

Security awareness training empowers your team to prevent, recognise and stop cyber security attacks. 

Our online or in-person security awareness training offers an engaging and interactive way for your team to understand how phishing scams and cyber attacks work. They will understand the importance of their role and how they are easy targets when they bypass standard procedures and let their guard down. 

Our security awareness training offers: 

  • realistic simulations of common scams and tactics like social engineering
  • beta testing to provide a benchmark of how aware your staff are on the whole
  • graphs and statistics to improve your feedback to executives and management

Have questions about security awareness training? Get in touch with our team for more information.

Are you ready to make your accusation in the Cyber Clues game?
