Targeted phishing attacks on staff and personnel by cyber criminals are becoming a hugely popular means to infiltrate a companys system due to sheer simplicity. Using unsuspecting members of a business community presents a relatively effortless way to attack a company purely based on the fact that, despite living in this digital era, most people dont know what poses as a cyber security risk. In short, when it comes to recognising cyber attacks, were pretty clueless.
This opens a whole new door regarding the security of UK businesses. Were too busy casting our security concerns outward, unbeknownst to us that the most effective means to breach security lies right under our noses. All it takes is a moment of complacency for detrimental consequences to overcome a business. Instances of criminals using similar domain names and writing styles have been known to lose companies vast amounts of money, data and private records. One such instance was that of the popular social app “Snapchat”, whose payroll information was obtained by a hacker in February after it impersonated the platforms CEO.
Undoubtedly the best way to attack a system is to rely on the trusting nature of employees. But where does this leave businesses, given that the door to attacks is largely opened by their smiling staff rather than some anonymous criminal
Read more on cyber crime:
- Tricks of the trade to avoid cyber scammers
- Eight ways British SMEs can fight hackers and prevent cyber crime
- Ashley Madison hack could be hugely lucrative, but that’s not the only thing to fear
Luckily, for those at risk to these types of threats, their most vulnerable target is also their most valuable asset. In the same way that is takes little time and effort to unknowingly let a hacker access private files, it takes about the same amount of time and effort for staff to learn prevention tactics. Creating a human firewall, where employees are trained and vetted around cyber security, is a simple but effective way to drastically limit the threat of internal cyber security attacks against a business. Often as businesses we are so focused on fearing complex computer hacks that we forget the most common form of cyber attack can be prevented at its most basic level simply through teaching and learning.
Of course, cyber security is still very much a complex issue, and where human intervention can only goes so far businesses have to look for other safeguarding options as well. In those instances, the platform DMARC is available for companies to utilise for free. DMARC authentication works by determining the source of an email; if an email does not align with what the receiver knows about the sender, it is flagged and can be binned before it reaches the victims inbox. Although this is another simple measure companies can undertake in order to protect themselves against cyber attacks, the current usage of DMARC among businesses is worryingly low. Recent research by Cyber Security Partners reveals that only three per cent of the FTSE 250 currently uses DMARC to reject and quarantine illegitimate emails being sent to their customers on their behalf.
Given the simplicity of both DMARC and the creation of a human firewall, it is high time businesses understood the detrimental effects being negligent on security can have. Minor efforts can amount to major safeguards which, if left unprotected, can shake the foundations of any business large of small. No business is safe until safety has been implemented.
Security expert Emma Philpott has said: There’s a lot of great talk, but most SMEs do nothing about cyber security. It’s shocking. Is your business among those Philpott is referring to?
Chris Underhill is CTO at Cyber Security Partners.