The simple mistakes that make your business vulnerable to cyber attack
Good cyber hygiene is the responsibility of everyone in a business - from the CEO down - and it’s even more important today as more employees work from home.
Adam van Vliet, the Chief Information Security Officer at Fusion5 says that with the rise of cyber-attacks recently, it’s not a question of ‘if’ but ‘when’ your business will be targeted.
“While applying patches and updates in a timely manner to address known vulnerabilities may be the remit of a specific team, we’re all accountable for minimising business risk,” says van Vliet.
More than 1,200 clients use Fusion5’s services including digital transformation solutions, applications, consulting services, development, cloud and the cyber security support provided by Managed Services.
Van Vliet says that cyber security is among the most important for a business in order to protect its brand’s reputation but it’s also one that businesses have difficulty handling on their own.
“We find our customers often struggle to build a team that has the ability to cover both Microsoft 365 Security and Azure Security as well as provide the ability to scale as required,” says van Vliet.
“If they have solved these issues then they struggle to talk through the noise, but with Fusion 5 as a partner our customers can focus on their core business instead of worrying about security incidents.”
Van Vliet highlights three basic hygiene measures that all businesses should all be aware of – and take personal responsibility for.
It’s advice that he says enhances business-wide vigilance by the company's clients to prevent cybercrime.
So, what are three basic hygiene measures we should all be aware of – and take personal responsibility for? Van Vliet explains:
1. Spoofing – think before you click
While spoofing attempts range from texts to phone calls, email (phishing) remains one of the most popular spoofing methods. Industry reports estimate that 3.4 billion spam emails are sent daily.
And when in a hurry, it’s easy to overlook the tell-tale signs that this isn’t your beloved CEO requesting you to download and pay the attached invoice, the bank warning you that your password has been compromised and you need to update it via the attached link, or that a supplier has just sent you 250,000 rolls of hand towels – please confirm the order by logging in.
While these may seem like obvious scams, the average click-through rate for a phishing campaign in 2021 was 17.8 per cent, according to IBM’s X-Force Threat Intelligence report.
Add a phone call, and that skyrockets to an average click rate of 53.2 per cent (300 per cent more effective). Most marketing departments would be envious of those results.
Researchers from Stanford University and a leading cybersecurity organisation say around 88 per cent of all data breaches are caused by employee mistakes.
That moment’s inattention – or the failure of your business to educate your people - can expose your business to irreparable harm by sharing login details, diverting funds, and inviting in malware.
2. Device locking – just do it
Yes, this is such a basic recommendation that you’d imagine that everyone does it.
Yet, Statista reports that as of 2021, only around 65 per cent of users protect access to their smartphone using a PIN, passcode or fingerprint recognition.
Most smartphones, tablets, and laptops come ready-equipped with a selection of security settings. As setup only takes moments, there’s little excuse for leaving a device unprotected should it be lost, stolen, or left unattended.
3. Wi-Fi warning
We all understand the frustration of not being able to get online. But free Wi-Fi hotspots (think café, airport, or hotel lobby) should come with a public health warning, especially if you intend to access personal or business accounts or sensitive data without using a VPN.
Mimecast reports that ‘around 50 per cent of Americans regularly use Wi-Fi hotspots for financial transactions, while 18 per cent use public Wi-Fi for remote work’. This is despite potential dangers, including identity and password theft, malware infection, business email compromise, snooping for confidential data and more. And I’m sure that Kiwis and Aussies are no better.
There are many cybersecurity dos and don’ts that are common sense. But when frustrated or in a rush, it’s all too easy to take a risk that can invite disaster to your doorstep – and being the CEO doesn’t make you immune or absolve you from blame.
At Fusion5, we naturally have our own cybersecurity policies in place to protect our business, our people, and our customers. If you’d like to know how we approach any specific issues, just ask.
If you’d like to take the stress and risk out of managing your cyber security, Fusion5’s range of Managed Security Services could be the answer.