Users are the Weakest Link—YOU are the No. 1 Target
Clint Brinkley
CEO Your Business Solutions, 2-Time Best-Selling Author, Public Speaker, Philanthropist and Investor
We’ve talked before about why businesses are the No. 1 target for cybercriminals, we’ve discussed the ever-evolving techniques of cybercrime in general, and we’ve even talked at length about some of the most common ways that criminals will hack into your systems[1].
Those topics were probably pretty eye-opening—they might have even been sort of blunt, brutal, or harsh. But you needed to hear them, right?
Now, we’re talking about the bluntest truth of all, something that’s likely going to be very hard to hear—users (that’s you) are actually the biggest threat to cybersecurity.
We’re not saying this to damage your pride or make you feel like you don’t know what you’re doing. You’re probably an expert at running your business, managing your team, and growing your organization, but the fact of the matter is, if you’re not an expert at cybersecurity, you are the biggest risk to your own cyber safety.
Why You & Your Users are the Biggest Risks
We want to be clear—we’re not trying to tell you that you’re a failure or don’t understand anything about your system. These are facts, and the more you know, the better you’ll be able to protect your system.
Statistics show that up to 92 percent of the data loss breaches that happen in a company stem from user error, meaning from someone inside the network. Sure, a lot of these attacks can come from employees who have direct, malicious intent (close to 12 percent, approximately), but most often, attacks result from an accidental error, a misstep, or something that obviously should have been avoided.
Let’s Talk Phishing Schemes
One of the most common ways hackers try to get into a system is through a phishing email. This works well because it relies on the likelihood that a user will make a mistake. And often, they do.
As you probably know, phishing is when an attacker sends an email whose sole purpose is to get a user to click on a link, open a document, or send over critical information. While the email might look real or even come from a source that is claiming to be legitimate (like Google, Microsoft, etc.), the entire goal is to get the user to open that link so that the attacker can steal critical information.
Phishing is one of the oldest tricks in the book, but it continues to evolve to be even trickier, stealthier, and more effective. Now, phishing emails can go directly to specific people—like CFOs and office managers, the people who can control the transfer of funds.
Attackers aren’t relying on that old “Nigerian prince email” anymore—phishing emails are stealthier than ever, and they’ll continue changing. Ultimately, the goal is the same—get the user to make a mistake, open a link, and then gain access to the entire network in seconds.
Social Engineering—Don’t Let it Fool You
The tricky thing about user error when it comes to hacking is that not every hacking attempt looks or feels like a cybercrime. Often, these attacks are two-pronged and use something called social engineering to make a user feel like what’s happening isn’t an attack.
For example, a user in your company might get an email from a sender they don’t recognize saying that a bill needs to be paid. Maybe that user is aware of this type of phishing attack and deletes the email. Well done, right? Well, later, a call comes in for that specific user from the same “company” that emailed earlier—a real person is on the line, requesting the same information the email did.
Doesn’t seem so malicious now, right? A real person was involved.
Wrong. This is a two-pronged social engineering attack. Just because a real person is on the line doesn’t mean that the request is real—it’s important to know how to differentiate these attacks.
Be Alert & Understand Red Flags
Learning how to spot red flags—and then teaching your employees how to do the same—can save your business a whole lot of trouble. So, how can you go about this?
By being okay with being suspicious.
Sure, that sounds a little weird, but trust us, being suspicious is OK, especially when it comes to cybercrime. Don’t just count yourself as paranoid; some people really might be out to get you. Don’t just click away when it comes to emails. Be suspicious first!
How You Can Prevent a Phishing Scam (Teach Your Employees, Too)
First and foremost, be aware. Like we said a moment ago, being suspicious is OK—you’re not just paranoid; there are actually people out there who are trying to get to, and steal, your information (it’s literally their job to do so).
It doesn’t matter if your company is incredibly big or super small; there’s always someone out there who wants what you have and views your organization as valuable. Being aware can help you protect your business.
Understand—and teach your employees too—that if anything seems suspicious, comes off as urgent, or is encouraging you to bypass procedure, something is probably wrong. Educating yourself and your staff on these points is going to be crucial when it comes to avoiding phishing scams.
About 30-40 percent of users end up giving up their information voluntarily—and that’s typically all it takes to lead to an attack if that information was given to the wrong person. With the right training, those numbers can drop dramatically—from almost 40% to 5% or lower.
One of the best things you can do to prevent phishing scams is partner up with the right team to tackle your cybersecurity strategy. At Your Business Solutions, we not only focus on fortifying your security, but we also educate every step of the way to ensure that you—and your users—know what to look for, what’s phishy, and what could put you at risk.
What Are YOU Waiting For?
Stop putting the business that you’ve invested your life into in danger—don’t let your ego tell you that you can handle this. If you’re not a cybersecurity expert, you probably can’t. And that’s OK—that’s why we’re here.
The ball is in your court! TAKE ACTION now, protect your business, and do what you can to eliminate user error that could lead to serious attacks.
Because we give back to the community, we are giving away 2 businesses/organizations FREE Cybersecurity Assessments each day until we have to pull this offer.
To get your Assessment visit: https://www.ybs.us/cybersecuritybook/