Has your organisation ever fallen foul to an email virus or phishing scam?
Whether you have been directly affected or not, it’s likely that we have all witnessed a potential threat or scam land in our inboxes.
However, the Covid-19 pandemic has taken these threats to a whole new level. Online scammers and hackers have seen the pandemic as a one-time opportunity to attack organisations when they are at their most vulnerable.
At the height of the coronavirus outbreak in April 2020, the World Health Organisation (WHO) reported a five-fold increase in cyber-attacks globally, and urged businesses to be vigilant, having had 450 active WHO email addresses and passwords leaked online along with thousands of others belonging to people working on the Covid-19 response.
That same month, the Psychology of Human Error surveyed 1000 workers in the UK, and 1000 workers in the US, to look at how stress, distraction and workplace disruption can cause people to make more mistakes at work. Email security firm, Tessian, carried out analysis of the results from a cyber security viewpoint, producing a global report that revealed 43% of employees were making mistakes in the realm of cyber security, resulting in varying issues for their organisations.
In summary, employees surveyed claimed they made more mistakes when they were tired (43%), stressed (52%), or distracted (41%). Breaking this down further…
- 58% of employees surveyed had sent an email to the wrong person;
- 10% reported that they had lost their job for sending an email to the wrong person;
- 20% of organisations had lost customers as a result of an email being sent to the wrong person;
- 25% of respondents reported that they had clicked on a link in a phishing email, citing distraction, and belief that the email was legitimate as overriding reasons;
- 41% cited distraction as the reason for sending an email to the wrong person;
- 57% admitted to being more distracted while working from home; and
- 44% cited fatigue as a reason for mistakenly sending an email to the wrong person.
The report also revealed that men were twice as likely to fall for phishing scams as women, and employees aged 18-30 were five times more likely to make a mistake that compromised cybersecurity than those aged over 51.
Tessian, through its report, urged businesses to look at the impact that stress and workplace cultures could have on incidences of human error, thereby opening up an organisation to cyber security threats.
These high numbers suggest that the shift to working from home, and the related pressures specific to the pandemic, play a large part in employees making cyber security mistakes. Unfortunately, online scammers and hackers understand the compromised state that employees and their organisations are in at this time, and they are capitalising on it. So what can be done?
The Tech Factor
Virtual private networks (VPN) provide encrypted tunnels between employees, devices and your network, keeping hackers and third parties from watching your activity.
Using two-factor authentication strengthens the security of your cloud platforms. A file encryption service will secure your digital assets both locally and in the cloud.
Investments in strong cloud security and network security will also be vital for mitigating risks of data breaches and loss, or the network going down.
Look to your IT department or employ the services of an IT support company to put these safeguards in place.
The Human Factor
It is vital to train employees in recognising threats, but as humans, we cannot be error-free 100% of the time, and there can be no ‘One Size Fits All’ training for employees – behaviours are affected by everything from age and gender, to expertise, confidence, working style, and emotional and physical states.
Organisations need to analyse the behaviours of its employees, and the conditions under which they find themselves, particularly in the time of a pandemic when routines are hijacked, work locations change, personal and professional demands increase, technology is stretched and mental health is challenged.
Some employees work exceptionally well under pressure, while others make more mistakes. Some use technology with confidence while others approach it with mistrust. Some thrive within a team in the workplace, but falter when working in isolation at home, and vice versa.
All of these variations in human behaviour must be taken into consideration, and cyber security training and support will need to be tailored to the individuals as closely as possible.
Cyber security threats have always been an issue, particularly since the evolution of the Cloud and mobile networks, and there has always been technology available to help protect organisations from cyber-attacks.
But ultimately, and as the online scammers and hackers have revealed by intentionally coming out in force these last few months, the best technology in the world can’t fully protect an organisation if the humans working alongside it do not have everything they need.