If It’s Convenient Be Suspicious – The Human Aspect

Uploaded on 2023-03-31 in TECHNOLOGY--Resilience, FREE TO VIEW, BUSINESS-Services-Financial

The threat of cyber crime continues to rise. It seems we can’t go very long without reading about yet another company breach.

Research points to a significant increase in sophisticated, socially engineered attacks and a market unprepared to deal with the response. Recent studies indicate that in 93% of cases, cyber criminals breach an organization’s network. Yet more than 40% of executives don’t believe they can keep up with digital transformation and its looming security concerns.

In a world where 21% of breaches occur because of human error, how do CIOs encourage employees to care about security?

Here are three ways to shift focus from convenience to safety in your organization.

Know The State Of Your Business

The first step to mitigating cyber risk is performing a cybersecurity risk assessment. This process identifies potential threats and vulnerabilities in your organization. By exposing risk areas early and often, you have the opportunity to proactively find solutions before a breach occurs.

Further, a robust security plan demands adherence to regulatory guidance. One of the biggest trends in the payment industry is the rise of stricter guidance on handling customer information. To help navigate these changes, companies should:

  • Invest in cloud-based software systems.
  • Utilize business intelligence tools to have data visibility and security at the forefront of every conversation.

Make Employee Training A Necessity

The most prominent vulnerability to any organization is humans. After all, heightened security measures don’t always equate to convenience.

Take, for instance, employee or company credentials. While it’s easy to use similar, or the same password, lessened security measures have a big impact with today’s technological advancements. According to IBM, 19% of breaches are caused by stolen or compromised credentials. Breaches of this type have the longest lifecycle and cost an average of $4.5 million.  

Employees are also often duped by phishing emails and messages soliciting personal or company information. These attacks have increased in sophistication with many appearing from someone within the company or a client.
Companies should take a proactive approach when it comes to dealing with human error. Security awareness training can help decrease IT costs, protect company reputations and security cybersecurity investments. By targeting areas of risky employee IT behavior head on, companies can teach employees how to spot phishing scams, malware behaviors and other potential security threats.

One way to do this is through an interal training program that involves fake scam or phising scenarios sent to employee emails. Vary the type and subject of these scenarios (for example, utilizing a falsified Amazon message around the holidays) to help employees understand the real world implications of a true attack. How employees respond to these type of scenarios will give companies insight into what training is still necessary for their workers.    
Add Increased Security Measures

With the rise of fintech comes the need to shift focus to safety. Additional layers of security protection will protect your client’s most important information - and your business reputation.

Multi-factor Authentication:   Financial institutions should always require multi-factor authentication when accessing accounts. This practical step ensures the right person has access to their funds and transactions by using another trusted mobile device as verification.

Payer Authentication:   Payer authentication, also known as 3-D Secure, adds an added layer of security and greatly reduces the risk of unauthorized credit card usage. Essentially, credit card associations provide additional fraud protection by asking the cardholder to confirm their identity at the time of purchase.

Digital Wallet:   Customer payment methods are quickly shifting from physical to a touchless eCommerce environment. In fact, 35% of credit card owners have added them to a digital wallet. This type of fintech solution couples convenience with security, allowing automated data transfers through a secure channel. When choosing a digital wallet solution, ensure it’s supported by a trusted fintech vendor. Leading providers will constantly be improving on the safety features of the platform and requiring additional security measures like two-factor authentication and biometrics. 

Prioritize Safety Over Convenience

The reality is, it’s not if a cyber attack will happen but when. As business becomes more digitized, consumers are looking for ways to streamline everything, including private, personal information. As a general rule, if it’s convenient, be suspicious.

All information, especially personal client information, can be subject to a breach. By taking proactive steps to optimize security measures, you can be better prepared to face an attack head on and mitigate its impact.  

Travis Everett is  COO of the National Merchants Association    

You Might Also Read: 

Human Error Is A Hacker's Dream:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

 

Cyber Security Intelligence: Captured Organised & Accessible

 

« Law Enforcement Agencies Shut Down Genesis Market
The Dark Side Of The New Dawn In AI »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Prolinx

Prolinx

Prolinx provide secure Data Centre hosting services and other fully managed security services for networks and information systems.

iXsystems

iXsystems

iXsystems is a leader in Open-Source enterprise server and storage solutions including Backup & Recovery to protect critical data.

DataVantage

DataVantage

DataVantage data masking and data management software helps you prevent data breaches, pass compliance audits and meet regulatory requirements such as HIPAA and PCI DSS.

Illumio

Illumio

Illumio delivers adaptive security for every computing environment, protecting the 80% of data center and cloud traffic missed by the perimeter.

Odix

Odix

Odix security software neutralizes file embedded targeted cyber attacks before they enter your organization’s network.

Ergon Informatik

Ergon Informatik

Ergon Informatik AG is Switzerland's leading provider of customised software solutions and software products including fraud detection and the Airlock web security suite.

SK IT Cyber Security

SK IT Cyber Security

SK IT provide services and solutions for cybersecurity and advanced information system engineering.

Specops Software

Specops Software

Specops Software is a leading password management and authentication solution vendor.

IPification

IPification

IPification is a highly secure, credential-less, network-based authentication solution for frictionless user experience on mobile and IoT devices.

Urbane Security

Urbane Security

Urbane Security is a premier information security consultancy empowering the Fortune 500, small and medium enterprise, and high-tech startups.

Grip Security

Grip Security

Grip Security provides comprehensive visibility, governance and data security to help enterprises effortlessly secure a burgeoning and chaotic SaaS ecosystem.

DEKRA

DEKRA

DEKRA’s promise is to ensure the safety of human interaction with technology and the environment.

Institute for Applied Network Security (IANS)

Institute for Applied Network Security (IANS)

For the security practitioner caught between rapidly evolving threats and demanding executives, IANS Research is a clear-headed resource for decision making and articulating risk.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

XONA Systems

XONA Systems

XONA is The Zero Trust user access platform for the OT enterprise. Secure operational access to critical systems - from anywhere.

Precision Cybertechnologies & Digital Solutions (Precision-Cyber)

Precision Cybertechnologies & Digital Solutions (Precision-Cyber)

Precision-Cyber was founded on the philosophy of state-of-the-art cybersecurity and digital solutions. Our guiding principle is simply that we will provide and secure all your digital needs.