In our 12 Threats of Christmas feature, we want to look at cyber threats and issues that can impact organisations.

Some may be known to you, whilst others may seem a little more out of the box.

On the twelfth day of Christmas, our cyber threat is:

Human Error

Human error is still the weakest link in cyber security. Staff training is hit and miss in this area, as cyber security often isn’t seen as a huge risk or a top priority in many organisations.

Unfortunately, cyber criminals are more than aware of this fact. Most of their tactics rely on a member of staff being the weak link in the cyber chain.

As our 12 Threats of Christmas draws to a close, highlighting the things that can be done to try and improve the human element of cyber security seemed like a fitting way to sign off.

What best practices could our company implement to reduce the risk of human error?

It’s vital that businesses create a ‘no blame’ cyber culture, actively encouraging their employees to speak out about any suspicious emails they receive. This positive cyber culture can be built on by:

  • Regularly giving your staff cyber security training
    • Send them a simulated phishing email, so they know what to look out for.
      • See how many of your employees spot that it was a phishing email
      • See how many of your employees report it
      • See how many employees fall for the scam, and offer them further training
    • Regularly providing training of this nature will keep the thought of double-checking emails fresh in people’s minds, reducing the risk.
  • Passwords
    • Encourage your employees to come up with strong, complex passwords
      • Minimum of 8 characters long
      • Mixture of upper case, lower case, numbers and special characters
      • Try to steer clear of ‘1’ and ‘!’, as these remain the most used number and special character
      • Don’t just capitalise the first letter in your password, as this is easily guessed
    • Store passwords in a password manager, so employees don’t have to re-use the same password for various websites or remember passwords for all of the sites they access
    • Encourage your employees to regularly change their passwords
  • Have a process in place to deactivate the accounts of previous employees effectively and in a timely manner
    • Do you have a door code to your building? When an employee leaves the organisation, change this as soon as possible to prevent them passing the code on to a third party or accessing the building out of hours
    • Lock ex-employees out of their work accounts, so they can no longer access them

It may appear that cyber criminals will always be one step ahead when it comes to breaching an organisation’s cyber security. However, by tightening things up, not just from a technical perspective but from a cultural standpoint as well, you begin to make their job just that little bit harder.

You may no longer appear in the cyber criminal’s little black book of ‘easy’ cyber targets. You’re also able to demonstrate to your employees, clients and third-party suppliers that you take cyber security seriously, which will have positive repercussions in your industry.

What have we covered over these 12 days?

Day 1 – Phishing

Day 2 – Watering Hole Attacks

Day 3 – Ransomware

Day 4 – Password Hygiene

Day 5 – Domain Name System Attacks

Day 6 – Cyber Criminals

Day 7 – Social Media

Day 8 – Removable Storage Media

Day 9 – Computer Healthcare

Day 10 – Macros

Day 11 – Administration Accounts

We hope you’ve enjoyed our 12 Threats of Christmas articles.

We wish you all a Merry Christmas and a prosperous New Year.