Small Businesses: Human Error is your number 1 Cyber Security risk

Posted 09/09/19

Typically, when you think about cybersecurity, images of sinister, hooded hackers, virus attacks and malicious malware spring to mind.

However, despite these common threats to security, human error still remains the underlying concern for small business owners. In fact, according to Decode the Human Threat only 18% of data breaches are caused by an external threat and up to 90% of all cyber-attack claims are down to human error. 

To combat this issue, small business owners must invest more in employees – both through provision of education & awareness and by hiring the right people for the right roles. Keep reading our post about cybersecurity risks, as we highlight the top five human errors that impact small business owners and how to protect your data against the threat of human error.  

Allowing unauthorised users access to company hardware 

If you’re a small business owner that gives employees various access privileges, such as working remotely or working from home, you may be putting yourself at risk of a potential data breach. Employees allowing external peers and family members access to your business information systems could result in exposure to sensitive company data, such as your organisation's customer data, accounts and more. What’s worse, peers could unknowingly download malicious malware, that could give expert cyber-criminals and hackers access to corporate accounts, data and storage. 

To properly tackle this issue, small business owners should take measures to implement security controls across all employee devices, ensuring they remain protected with strong passwords. As well, where applicable, organisations should utilise two-factor authentication (2FA) or multi-factor (MFA) security measures, so employees can only give peers permission to use their devices via approval from another connected device - meaning they can be sure who is accessing when and what at all times. 

The severity of cyber threats is varied, as employees can never be sure who is gaining access to their devices, systems & networks. Investing in cyber insurance with a reputable insurance provider, such as Ashley Page, can help to safeguard your business with relevant cover. 

Weak user passwords

According to TechRepublic in 2018, 25% of employees use the same password for every single account and of those, 81% say they don’t password-protect their phone - or hardware devices, at all. Whilst this poses a cybersecurity threat in itself, once a malicious hacker gains access to your password chain - this opens up a whole lot of sensitive data compromisation that can arise as a result of reusing the same password. Once the password is known, attackers can gain access to a variety of company data, bank accounts and more that could ultimately be extremely damaging to your small business. 

Make your employees aware of the implications that could arise purely as a result of duplicating their password, as well as stressing that they steer away from obvious passwords (such as 123, ABC, 111, etc). One of the best ways to combat this is to utilise a password manager tool, where passwords are stored in highly secure software and will suggest strong, impenetrable password suggestions each time an employee is prompted to create a new password.

Falling Culprit to fraudulent emails

Fraudulent emails, commonly known as phishing, is one of the most dangerous, longstanding security threats to a small business owner. Regardless of how skilled your employees may be and despite what people think they know about phishing, these cybercriminals can create extremely sophisticated emails replicating trusted businesses and companies still fall victim to these cleverly targeted ‘spoof’ emails. 

Accidentally opening a seemingly innocent phishing email with malicious attachments can cause malware to install onto the user’s device, that can inevitably give attackers a foothold into your small business from which they can extract sensitive client data, account passwords, intellectual property and much more. 

To combat this, business owners should invest in a fraudulent email detection service, where emails are monitored and scanned once they arrive in your inbox, and will make the decision to either flag as suspicious, or safe to open. Though a fraudulent email detection service can only go as far as to flag up any, the most efficient way to prevent opening harmful emails is to make sure your staff are up to date with relevant cybersecurity training. It’s advisable for small business owners to periodically check employees are following the best practice preventive measures.

Emails fall into the frequent human errors category once more, as email misdelivery is a common issue amongst employees. According to the latest data breach report by Diligent, simple mistakes such as sending personal information to the wrong recipients accounted for 12% of 245 data breaches in one quarter alone. Accidentally putting your companies sensitive information in the wrong hands can lead to serious data breach consequences.

What can small business owners do to combat the risk of human error? 

It’s imperative that small business owners put together a form of a training plan for new and old employees alike, to keep them up to date with cybersecurity basics that may prevent the loss of crucial information. At Ashley Page, we’ve recently joined forces with a leading cyber risk management company, Risk Factory, to offer small business owners a unique, adaptable cyber insurance solution. Our Cyber+ Insure policy plan helps support companies to build a healthy, efficient safety policy around your existing IT infrastructure. Not only does this help small business owners reduce the likelihood of a cyber-related incident, it also offers valuable training services to ensure your employees are up to date with the latest security policies. 

Choose from a whole suite of products and services, designed to be adaptable to reflect your business’s unique needs, with services such as Information Security eLearning, vulnerability scanning, security penetration testing, security consultancy and more. Take a look at our Cyber Risk management section for further information on cyber risk management, or simply call our team to receive straightforward cyber risk advice, to help prevention, detection and response. 




Posted 09/09/19

Latest News from Ashley Page

Five ways business owners can prevent a cyber attack

28th October 2019

However big or small your enterprise may be, no business is exempt from falling victim to a cybersecurity attack. Learn how to minimise the risk.

Small Businesses: Human error is your number 1 Cyber Security risk

9th September 2019

Human error remains one of the biggest cybersecurity risks to small business owners. Read our guide on how to spot the most common threats.

Supply chain and Cyber Security risks

9th September 2019

Supply chains are at a greater risk of a cybersecurity attack, due to the large nature of chains and third party suppliers, learn about the risks…

What is the most common cause of a cyber incident in the hospitality industry?

29th August 2019

The digital nature of the hospitality industry makes businesses vulnerable to a cyberattack. In this post, we outline the most common causes.