Cyber security: find the vulnerable users in your organisation

A COMPANY'S CFO receives an unexpected email from the CEO asking for funds to be transferred urgently. The CFO requests the relevant details and sends thousands of pounds to the given account. Later that day, the CFO bumps into the CEO and casually asks ‘Did you get the money?’ and the CEO responds, ‘What money?’

The CEO never sent the request and, therefore, never received the money.

Another employee at a different firm is sent an email attachment that reads ‘Invoice’ or ‘Purchase order’. The employee opens it without first checking its authenticity. Within minutes, all their files on the PC have been encrypted as well as all the files on the server. The entire company’s systems are down for two days.

According to the FBI, billions of dollars are lost every year due to these exact issues. As an SME, how can you fight these threats? How do you identify the people who are most vulnerable to these attacks?

The NHS, Equifax, Maersk, TalkTalk and TNT Express… You know what they all have in common. In most cases, these attacks happen due to the actions of an individual user. For instance, an employee of the company opens an attachment or clicks on a link that he/she is not supposed to. A study done by KnowBe4 found that 16% of employees routinely click on a link from an unknown source.

Anyone who works in IT knows the story. We send out periodic emails asking our colleagues not to open attachments and links from unknown, potentially dangerous sources and many never read our emails. They go ahead and click. The click sound is nice!

It doesn’t matter what software you use, what firewalls you have in place or how many policies and procedures you write; ultimately, user education is the key.

So, how can you educate them?

Announce a town hall meeting and start talking about Trojans, PUPs, Malware, WannaCry, etc.? No, not really!

You need to think like an attacker. You will need to phish your users and measure how many people are clicking on the links or opening attachments that they shouldn’t be. Then, assign them to a relevant training course. I would love to explain exactly how it works in this post but that defeats the purpose.

We are currently helping several companies with exactly this problem and we would love to tell/show you how it works [strictly for IT departments]. Our goal is to bring those who ‘click’ down from 16% to fraction of it in the space of a few months.

Call us today on 01224 51 61 81 or email for a no-obligation chat about how we can help.

If you don't see results, we will give your money back. Thanks for reading.