Who is the weakest link?

You may have the most sophisticated security gadgets and gizmos in the small business world but these will not protect your business from every cyber risk out there. It’s widely acknowledged that the weakest link in IT security is the human factor – mainly because people are too trusting and think that they’ll never fall for any scam.

So we all need to make sure that everyone in our businesses is up to speed on the dangers of cyber attacks. Just because it isn’t on the news every day doesn’t mean that companies aren’t losing thousands of pounds every day. Make sure that everyone in your business is up to speed. Don’t forget:

  • Email requests asking for banking details. Banks will never contact you to ask for your security details
  • HMRC emailing you about a tax refund. This is a popular one as everyone likes a tax refund, but HMRC will never email you about these sorts of things
  • Suppliers sending emails telling you about their new bank account. Check with someone you know at the supplier to make sure that it’s correct (don’t call the number on the email or letter)
  • Phone calls from the bank asking you to confirm your PIN code. Again, banks don’t do this!
  • People bypassing your office network by bringing in files on USB sticks or installing applications that haven’t been approved by you. A great example of this is people installing Dropbox so that they can access their personal files at work. Do you really want this?
  • The dodgy attachment from an unknown source. Make sure everyone knows not to open attachments if they don’t know who it’s from.  If it looks dodgy then ask!
  • Keep your computer up to date with security patches.  Don’t keep postponing updates.  Apple and Microsoft are working hard to keep our computers safe but their work is in vain if we don’t install these patches!
  • If you use Cloud systems then make sure your privacy settings are correct.  You don’t want anyone else browsing through your confidential data
  • Make sure you have strong passwords and don’t write them down.  Can someone wander into your office and see your password on a post-it note on your screen?  Or are you using one of the most common passwords like 12345678 or Password1?

Some people will assume they’ll never fall for any scam or they’ll just bury their heads in the sand. We call this the “it will never happen to me” syndrome (IWNHTM).  This is so dangerous and it’s up to all business owners to make sure nobody is suffering from it!

So keep going with the awareness campaigns. Make sure everyone understands the risks and don’t assume that they’re obvious. Have an atmosphere of openness – don’t make people feel embarrassed to query anything.  If something on their computers looks dodgy then they need to have someone to check it with.  Don’t run the risk of making things worse.

It’s not just a case of having a policy and never mentioning it again. It needs to be at the front of everyone’s minds all the time.  It’s just one of the joys of working with IT!