Bad behaviour is increasing your risk of a cyber-attack – How many do you recognise?

We’ve all heard the horror stories. The mysterious hooded figure surrounded by green matrix-style code (see visual representation to the right), known to hack, steal your identity, wreak havoc on your business, impersonate you and try in every which way to take your hard-earned cash. They are the modern-day poltergeist and as a society, our knowledge of cyber-criminals is ramping up. Fantastic news. The more you know about the threat the better right?

Given the trouble stems from their direction it’s true that we need to keep our eyes open when it comes to hackers. But the lesser known fact surrounding cyber criminals is that it’s actually the people within your organisation that often invite them in – so to speak. 90% of all cyber claims stemmed from some type of human error or behaviour, according to Willis Towers Watson.

A recent study (August 2018) by Switchfast has further found that 35% of employees and 51% of leaders at small businesses are convinced their organisation is not a target for cybercriminals, despite evidence that cyber-criminals target half of their attacks at small businesses (Symantec). Worryingly, over 1 in 5 of those small business leaders would share their email passwords with co-workers, and 76% don’t have multi-factor authentication on their email.

Now we don’t want to put folk on the naughty step here, after all cyber-attacks are an evolving medium. Employees often see cyber security ‘stuff’ as the IT department’s business. Which is true in the sense that it’s the IT department’s job to ensure you have robust solutions in place to bolster protection efforts, but they can’t do it all. So where does that leave your business?

We can’t blame our teammates for their lack of awareness; they may have heard an identity theft story on Good Morning Britain or been invited to help out the odd Nigerian prince. It’s true these obvious hacks have crossed most of our paths, but it doesn’t necessarily mean staff will be savvy on attacks such as Ransomware, one of the more well-known cybercrimes.

What do you mean by ‘BAD’ behaviour?

This is our no-nonsense list of negative behaviours that may lead to increased risk of a cyber-attack:

	Clicking links from unknown sources (hackers love a bad link)
	Believing you don’t have a part to play in protecting business data
	Not double checking a money transfer request in person or over the phone if something is out of the ordinary or doesn’t follow process
	Believing IT security is the sole responsibility of the IT department
	Removing business data and transporting it in an unsecure way (think Heathrow Airport)
	Opening attachments from an unknown source
	Sharing a password or setting a weak password (read how you can bolster your Pa55word123)
	Connecting to unsecure Wi-Fi

Put your hacker hat on

What do hackers value most in an organisation?

Minimal security and a workforce unaware of the threat they pose.

Why? Hackers are looking for a weak link. They want to infiltrate your organisation. Whatever the vehicle (email attachment/link etc) they’re often relying on an action from your side.

In the words of our IT security partner Sophos – break a hacker’s heart.