1 / Phishing and People

Generally, businesses are made up of people. Without people, there is no business. As your business grows, your team is also going to grow. For the most part, your employees are the life source of the business. They are the people who bring in new business, deliver the goods and keep activity running smoothly. However, when it comes to IT security, those same people who make your business run can also be the biggest flaw in keeping it safe.

The figure that “an employee is three times more likely to infect a colleague with a malicious email than they are to spread the flu to their partner,” is a worrying one. The likelihood of an infected person spreading the flu to someone they live with is between 20 and 25%, while 71% of organizations were hit by an email attack in the past twelve months that originated from someone within the organization spreading a malicious attachment or URL to others. This, along with the fact that “your chances of spotting a phishing email are as slim as you hitting a specific number on the roulette wheel” — when you consider there are 37 possibilities — is a clear demonstration that there is a real knowledge gap for employees about what a dangerous email looks like.

However, there is an inevitability that people will always get duped, no matter what training they receive. Some of the emails that are sent by cyber criminals can be well hidden, posing as amusing or standard emails, asking to be shared around the office. It just takes a casual “forward” and the damage is done. It is a fundamental problem that is akin to gambling – the inherent human flaw in people and their judgement.

Of course, it is not just the employees’ fault. Should it be down to them to understand what form these malicious emails take? Is it not the CEO or other leaders within the business who also need to act with vigilance?

But as already mentioned, it is an inevitability that people will fall for such attacks. The answer therefore lies with the implementation of more robust communication solutions, where such occurrences are less likely to take place. It is therefore down to business leaders to make those changes.

40% of staff agree that their organization’s CEO is the “weak link” in their cyber-security operation. CEOs are, after all, supposed to be leading by example. Therefore, along with all other leaders in the business, the CEO shouldn’t neglect something so important or take that gamble on security. It should be a number one priority, and if it is, not only will your employees be better prepared but you will foster a culture within your business that is cyber-security aware.

A good business leader is similar to a good coach in a team sport such as football / soccer. Sometimes you need to concentrate on defence, preventing goals being scored against you. You can’t always go all out on an attack. You have to value both in the same light. In business, you cannot afford to neglect such an important component as cyber-security. So ask yourself: are you a good coach?

4 in 10 employees believe their CEO undervalues cyber-security.

Your chances of spotting a phishing email are as slim as you hitting a specific number (out of 37, including 0 and 00) on the roulette wheel.