5 Ways to Prevent a Cyber-attack

Cyber-attacks are on the rise as threats continue to evolve. One of the primary causes of data breaches is human error. According to the IBM Cyber Security Intelligence Index Report, 95% of incidents are caused by human mistakes. Everyday activities that we take for granted often contribute to these errors.

Employees play a critical role in maintaining an organization's security. Unfortunately, this also means they can inadvertently become a gateway for cyber breaches, especially when dealing with stress and fatigue. According to The Future of Cybersecurity in Asia Pacific and Japan, 90% of cybersecurity and IT employees are affected by burnout. Moreover, the 2023 State of Future of Work Report reveals that 81% of the Australian workforce is struggling with stress and burnout, creating a perfect storm for human error.

Phishing emails, for example, are becoming increasingly sophisticated, and tired employees are more likely to make mistakes, such as clicking on malicious links.

Passwords are another significant vulnerability. Research conducted by YouGov on behalf of Telstra found that almost half of Australians (46%) use generic passwords like "123abc," with men twice as likely as women to use such passwords. Additionally, 17% use their birth dates, and 1.4 million Australians use the same password across 10 or more accounts, with one-third sharing that password with a family member.

A lack of awareness about cybersecurity threats can also stem from inadequate communication from leadership. Employees can't be expected to know what they haven't been taught.

However, there are solutions. By implementing simple changes to daily processes and understanding what red flags to look for, you can vastly improve your security posture. Here are five ways to prevent a cyber-attack within your organization:

1.????? Recognize Email and SMS Red Flags: Instill the mantra "Think before you click" during onboarding and integrate it into your organizational culture. Phishing emails and texts are common, and attackers are becoming more sophisticated. If you receive an email from the CEO asking you to buy gift cards, first check the sender's email address. If it isn't an official company email, it's spam. Even if it appears legitimate, verify the request via a phone call or a separate email. Look out for inconsistent logos and fonts, and avoid impulsively clicking on links. If unsure, ask your IT team for assistance.

2.????? Use Strong Passwords: Avoid easy-to-guess passwords. Consider using a password manager like LastPass to store your credentials. Alternatively, use passphrases—strings of words and phrases with characters and symbols. These are harder to hack and easier to remember. Regularly update passwords (every quarter to six months) and use different passwords for each platform. This is crucial, especially when multi-factor authentication isn't used.

3.????? Implement Cyber Awareness Training: Cyber awareness training should be available to all employees, not just the IT team. Educate every employee from day one, including during onboarding. Consider implementing awareness days or drills throughout the year to keep your employees vigilant.

4.????? Keep Systems Updated: Ensure that systems are regularly updated with the latest security features. Software and programs often have built-in features that help recognize and mitigate human error. Require staff to update their systems regularly, and provide reminders to ensure this task is completed. Performing a risk assessment to identify vulnerabilities is also recommended.

5.????? Use Secure Networks: With the rise of remote and hybrid work, employees often connect to various public networks. Before connecting, double-check that you are logging in to the correct hotspot and avoid auto-connecting to open or unsecure networks. Choose hotspots that require passwords. For added security, turn off file sharing, visit secure webpages (indicated by 'https' and the lock symbol in the address bar).

By following these simple tips, you can significantly improve your security posture and equip your team with the knowledge they need to stay safe.

?