The simple mistakes that could cost your company dearly
Good cyber hygiene is the responsibility of everyone in a business, at every level – from the CEO down. While applying patches and updates in a timely manner to address known vulnerabilities may be the remit of a specific team, we’re all accountable for minimising business risk.
So, what are three basic hygiene measures we should all be aware of – and take personal responsibility for?
1. Spoofing – think before you click
While spoofing attempts range from texts to phone calls, email (phishing) remains one of the most popular spoofing methods. Industry reports estimate that 3.4 billion spam emails are sent daily.
And when in a hurry, it’s easy to overlook the tell-tale signs that this isn’t your beloved CEO asking you to download and pay the attached invoice, the bank warning you that your password has been compromised and you need to update it via the attached link, or a supplier who has just sent you 250,000 rolls of hand towels – please confirm the order by logging in.
While these may seem like obvious scams, the average click-through rate for a phishing campaign in 2021 was 17.8%. Add a phone call, and that skyrockets to an average click rate of 53.2% (300% more effective). Most marketing departments would be envious of those results.
Researchers from Stanford University and a leading cybersecurity organisation say around 88% of all data breaches are caused by employee mistakes. That moment’s inattention – or the failure of your business to educate your people – can expose your business to irreparable harm by leading someone to share login details, divert funds, or invite in malware.
2. Device locking – just do it
Yes, this is such a basic recommendation that you’d imagine that everyone does it.
Yet, Statista reports that as of 2021, only around 65% of users protect access to their smartphone using a PIN, passcode or fingerprint recognition.
Given that most smartphones, tablets, and laptops come ready-equipped with a selection of security settings, and setup only takes moments, there’s little excuse for leaving a device unprotected should it be lost, stolen, or left unattended.
3. Wi-Fi warning
We all understand the frustration of not being able to get online. But free Wi-Fi hotspots (think café, airport, or hotel lobby) should come with a public health warning, especially if you intend to access personal or business accounts or sensitive data without using a VPN.
Mimecast reports that ‘around 50% of Americans regularly use Wi-Fi hotspots for financial transactions, while 18% use public Wi-Fi for remote work.’ This is despite potential dangers, including identity and password theft, malware infection, business email compromise, snooping for confidential data and more. And I’m sure that Kiwis and Aussies are no better.
There are many cybersecurity dos and don’ts that are common sense. But when frustrated or in a rush, it’s all too easy to take a risk that can invite disaster to your doorstep – and being the CEO doesn’t make you immune or absolve you from blame.
At Fusion5, we naturally have our own cybersecurity policies in place to protect our business, our people, and our customers. If you’d like to know how we approach any specific issues, just ask. We’re happy to share.