Are employees to blame for cyber security breaches?

When it comes to cyber crime, blame should reside with the attacker. However, an SME’s vulnerability is certainly increased by human error and a lack of awareness among employees. It’s therefore important that businesses take steps to mitigate their chances of suffering a cyber security breach.

Unfortunately, as effective as up-to-date and sophisticated anti-virus software can be against malicious malware, employees can still unintentionally and often unknowingly grant cyber attackers access to sensitive information. So, being aware of cyber security risks and the measures that they can take to prevent breaches, means that employees themselves can act as an additional defence mechanism rather than a weakness within SMEs.

Proper cyber security training should be provided by businesses that want to better safeguard their company and mitigate the impact of human error, and employees should in turn actively exercise caution and common sense when faced with suspicious emails or websites. There are a few further areas in which SMEs can promote vigilance to reduce the culpability of their workforce:

1. Strong passwords – These should be at least 10 characters long, containing both upper and lower case letters, at least one number and at least one symbol. Implementing a password policy to which all workers comply, is an effective first line of defence against unauthorised users.
2. Software policies – Ensuring that staff seek permission before downloading software – and only then from an approved source – helps reduce the risk of downloading malware-infected files. Even software that appears ‘safe’ can be laced with dangerous code, so having a policy in place removes the risk factor of flawed judgment.
3. Own device use – While it can be tempting for staff to use their own devices for work, it can be risky for SMEs. Extra care should be taken where there are compliance restrictions on usage – for example, in industries where client records and sensitive information are prohibited from being accessed offsite. The same goes for open networks – use public WiFi as if you had someone looking over your shoulder.
4. Phishing emails – Irritating at the very least, spam emails can also be very dangerous when not spotted. Awareness among employees of how to recognise phishing is crucial, as emails are carefully designed and targeted to make them seem more legitimate to their recipients. Perhaps the most essential tip for employees is to take a common sense approach – if something doesn’t seem quite right, it probably isn’t.

For more tips on improving employee awareness of cyber security and threats, download our free guide – ‘Are you cyber vulnerable? A 12-step guide for SMEs’.