Working life has changed as we know it. The pandemic has acted as a catalyst for businesses to adopt a hybrid working model. This has, however, allowed successful cyberattacks to increase as businesses adapt and transition to the new normal. Andrea Babbs, UK General Manager, VIPRE, emphasises the importance for businesses to have complete all-round security, relying on technology augmented by human intervention.
Cybercriminals are using increasingly sophisticated means of targeting both individuals and businesses of all shapes and sizes. Social engineering, ransomware and malware are just some of today’s top IT risks, and that’s without considering any new threats that might be around the corner. According to VIPRE’s whitepaper, email phishing scams and malware attacks accelerated by 20% during the pandemic. Hackers took advantage of vulnerable remote workers who are away from the support of their IT teams, and these numbers show no signs of slowing down – especially with hybrid working now becoming the ‘norm.’
However, the biggest threat of all is the humans themselves, with 85% of data breaches involving a user. And now, the risk is only further heightened as working from home brings new security problems, for example, adding distractions that you may not find in an office environment – leading to mistakes being made, such as sharing private information with the wrong person, or working from a personal and unprotected device.
IT tools are not the be-all and end-all of protection against cyberattacks, especially not by themselves. Humans have skills that technology solutions cannot comprehend. Employees can interpret language differently and take into consideration multiple perspectives, whereas not all technology is mature enough to make these decisions. Although these tools play a significant part in keeping threats out, if companies invest more in their human firewall then the two can join forces, providing 360-degree protection. But how can businesses do this successfully?
The key to creating a safe and agile workforce starts with changing the existing mindset, rather than perceiving security training as a compliance tick box. If all employees are trained to be more alert to the risks they pose and understand the role they have in keeping data safe, businesses can reinforce a “security-first approach.” Businesses need to offer learning that is engaging. By incorporating relevant and real-life scenarios into the security training, the content should resonate with a global audience and reinforce key messages.
As highlighted, human error is one of the main entry points for cyber attackers, but such risks can be mitigated. When sending an email to the incorrect recipient, or attaching the wrong document, technologies can be put in place to alert the employee to double-check their email before clicking send – in turn, helping to prevent these types of inadvertent data breaches without having an impact on employee productivity.
Additionally, visible tools, such as multi-factor authentication, password protection and restricted web browsing can be supported better and used more effectively once the staff are trained. When this final step, an appropriate set of security tools – both those that are visible and invisible to the user – is implemented, with regular user training; then the Next Generation Human Firewall is ‘active’.