The Human Risk

In this day and age, dealing with cyber security threats is a normal part of business. Predictions are out that these threats are only going to increase each year as the man power, and the computer power, behind these attacks rises.

As this crime industry grows, there are more and more services becoming available to fight it.

But there is a fundamental issue at hand that has nothing to do with how up-to-date your system is, or if you have a back upsite monitoringmanaged services, malware protection, or a firewall. (For all of these, you should be nodding your head in a round of, “Yes, yes, yes.” If not, please familiarize yourself with these resources that, these days, are a must have!)

We are talking about the person sitting at the desk to your left, looking at a computer screen. The employee that, just like every other mammal, has to eat, sleep, use the bathroom, enter their password to gain access to their email account, and sign on to their computer. (This is always a struggle for the elephant!)

Utah Business held its first Cybersecurity and Digital Privacy roundtable recently, where a group of 14 experts in the field lead a discussion on the issues at hand for businesses and cyber security. They found that one of the most common breaches was “when an individual computer is compromised, which can then lead to theft of that individual’s username and password for their email login. This can then translate into phishing emails being sent to their entire contact list – even sending Word document or PDF attachments – and thus infecting any other contact…” Usually the result is devastating, with losses in the 6 digits. A common scenario is large amounts of money being transferred. Let’s say a CEO’s email gets hacked, and then the hackers email his assistant to transfer money to a certain offshore account. Unless there are pre-set steps in place for a situation like this, the assistant may not double check the legitimacy of this request. Sayonara, hard-earned money!

Dean Sapp at Braintrace suggests that multi factor authentication is “[one] of the best controls, for the least amount of money.” If a client is calling him about a breach like the one discussed, usually they do not have multi factor authentication. Matt Sorensen from Secuvant says that bad “cybersecurity hygiene” is to blame for so many companies lacking this feature. Having educated staff and the tools in place to guard against attacks is key.

At a summit last year in Utah, Catch Me if You Can inspiration Frank Abagnale, Jr. said that education is the most important tool to fight cyber crime. In other words, take the time to educate your people. Employees often don’t like change, but if you’ve got long term goals, you must have tools to guard against these attacks, and a staff that is aware of the threats.

Check out some of the resources available to you here.