Having received our own Cyber Essentials Accreditation in 2022, we thought it would be fitting to talk about the importance of cyber-security and the threat from within.
To help businesses improve their cybersecurity posture, the UK government developed the Cyber Essentials scheme, which is designed to provide a baseline of cybersecurity best practices.
What is Cyber Essentials Accreditation?
Cyber Essentials is a government-backed scheme that aims to help businesses protect themselves against cyber-attacks. The scheme sets out five cybersecurity controls that businesses should implement to reduce the risk of common cyber threats:
- Secure configuration
- Boundary firewalls and internet gateways
- Access control and administrative privilege management
- Patch management
- Malware protection
By implementing these controls, businesses can reduce their vulnerability to common cyber-attacks, such as phishing scams, malware infections, and denial-of-service (DoS) attacks. The scheme also provides a framework for businesses to demonstrate their cybersecurity credentials to customers, suppliers, and stakeholders.
Why do businesses need to educate their staff on cybersecurity?
While implementing cybersecurity controls is an essential part of protecting a business against cyber threats, it’s not enough on its own. One of the most common ways that cybercriminals gain access to a business’s systems and data is through human error, such as employees falling for phishing scams or using weak passwords.
“76% of organisations say the biggest and most persistent security threat comes from ‘the enemy from within’ – careless end users – who regularly click on bad links, placing organisations at higher risk of falling victim to email phishing, ransomware, CEO fraud scams and various forms of malware.” – KnowBe4
I’m sure we’ve all experienced this in the workplace: we’ve all received a dodgy-looking email, claiming to be from a client or fellow colleague, phishing for information or even asking for payments. These emails can range from obvious to devious and sophisticated, and can catch out even the smartest of people.
By educating staff on cybersecurity, businesses can help to create a culture of security awareness and reduce the risk of human error. This can include training on how to identify and avoid phishing scams, how to create strong passwords, and how to report suspicious activity.
By providing staff with clear guidance and support, businesses can reduce the risk of human error and create a more secure working environment.
UK Finance figures showed that in the first half of 2021, businesses saw £59.2 million lost to scams. Don’t be another statistic: educate yourself and your staff!
Check out some of our previous blogs for tips on staying safe, like our blog on password best practices and phish threat stress tests. Or why not learn more about our IT support company in Birmingham?