When considering threats to cyber security, it’s natural to focus on external cyber-attacks looking to gain unlawful access to IT systems through progressively more sophisticated means. Resisting system attacks remains one of the most important lines of defence for any business. However, it is simple human error that still presents the most preventable cause of cyber security breaches.
Sending an email including sensitive information to the wrong person, clicking or responding to a phishing email, or accepting fraudulent documentation are just some examples of human error that could have a catastrophic impact on business operations. We’re used to keeping an eye on fraudulent activity in our personal lives, but how much can simple human error affect the cyber security of a business?
Phishing scams have been on the increase during the pandemic. A cyber security expert’s role is to ensure that employees have the knowledge and understanding to identify when a business is at risk. Phishing training for employees can help educate staff on the signs of a phishing scam and dramatically reduce human error risk. Just reminding staff of simple rules, such as not clicking on any emails from an external source or with subject headings classed as risky, can have a huge impact on susceptibility to fraud.
It’s important not to forget that personal devices should also be incorporated into phishing training. Text messages were traditionally seen as a secure means of communication because so few people would have access to numbers. Now, with so many people entering their phone number into online sites, text messages have become a growth area for phishing scams and should be considered a point of access during phishing training for businesses.
As so many cyber-attacks on business infrastructure can start with a simple rogue email, employees and cyber security teams must be encouraged to have a professional and open relationship. Allowing for human error but encouraging shared knowledge means employees won’t be fearful of negative consequences if they inadvertently click on a rogue email.
As home working has increased over the past two years, so has the chance for human error when it comes to cyber security. In a recent study by Stanford University, over 51% of respondents admitted to making mistakes when tired at work, with a further 50% claiming distractions can also cause mistakes such as emailing the wrong person or sending an incorrect attachment. By building a smarter and more open cyber culture, it is easier for employees to remedy mistakes before they have the chance to turn into security issues. Working with cyber security consultants to develop an effective training programme is advisable for forward-thinking organisations.
Invoice fraud occurs when a company pays a fraudulent invoice, or when email communications are intercepted to supply rogue payment details. It’s a rising threat to businesses as more and more enterprises move over to online accountancy systems. Recent research by Barclays found that small to medium-sized businesses are losing on average up to £2,300 a year in this type of scam. So sophisticated are the cloned emails or invoice documents that it can often be months before the payment error is uncovered. Sadly, this type of phishing scam succeeds only by exploiting businesses that lack the appropriate steps to check the source, validity and accuracy of payments.
Invoice fraud is a threat to cyber security in a company lacking the financial processes to guard against such fake payments. Up-to-date customer records (including payment terms and details), an internal PO system, clearing payments with designated company contacts, and internal checks on changes to payment details are all examples of processes that can be put in place to help combat the rise in invoice fraud by making human approval part of the checks and balances required of an online payment system.