Human errors cause significant IT security problems for small businesses

By Admin — In Cyber Security — March 9, 2022
An employee accidentally clicking a phishing link can have serious ramifications. Here’s how to protect your business.

Candid Wüest recalls the time he worked with a client whose systems became infected with ransomware after an employee fell for a phishing attempt. The individual was tricked into downloading and running a file, believing it had come from someone in the IT department.

The breach wreaked enough havoc that the company had to shut down operations for the remainder of the day — and the next day as well.

“The employee accidentally wound up letting an attack into the network,” says Wüest, now Vice President of Cyber Protection Research at Acronis. “This human error caused the company to spend a significant amount of time and financial resources to recover from the attack.” It took several weeks, he adds, for the company to complete their investigation into the attack and ensure there were no other compromises in their network.

Unfortunately, human error still plays a key role in many cybersecurity attacks. In 2021, 44% of security incidents were caused by employees falling victim to phishing or other non-malicious security policy violations — up from 36% the previous year, according to IDG’s 2021 Security Priorities Study. This was the case even though nearly half of the respondents prioritized employee security training and awareness.

Human errors remain a factor simply because people are creatures of habit and will sometimes circumvent security protocols rather than adjust to them.

“Another reason is that individuals often feel rushed and overworked, which can lead to sloppiness, especially when going through emails,” Wüest says. “Most people have likely been trained on how to avoid phishing emails, but verifying links or manually typing known, legitimate domains into the browser window takes time — so these actions are often skipped.”

How small businesses can protect their systems

Business leaders should remain determined to instill security as a part of the culture.

“Educating employees on proper security procedures cannot be a one-and-done solution,” Wüest says. “Company culture should continually build a security-first mentality. This strategy must come from the top down.”

Keep conducting regular training sessions. “Phishing tests can also be run to help employees see how easy it is to fall for phishing attempts. However, this should be used to educate employees, not punish them.”

“Security procedures should be a regular topic of conversation in meetings, and any potential issues should be widely discussed,” he adds.

But while education and a culture of alertness can reduce your risk surface, any system that relies solely on human judgment will almost inevitably see breaches — and it only takes one such failure to compromise an entire organization.

Modern security solutions incorporate automated defenses, like multi-layered anti-malware capabilities, that counter threats immediately upon contact, while URL filters can flag suspicious addresses and block users from ever encountering most cyberthreats.
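The two checks the article points at, the link verification Wüest says employees skip and the URL filtering that automated defenses perform, can be expressed as a small mail-gateway rule. The following is an added example written for this page; it is not code from the article, from Acronis, or from any product. It assumes a constructed allowlist of domains the business actually uses (`ALLOWED_DOMAINS`) and a constructed HTML email; both are placeholders. For each link it reports whether the visible text names a different domain than the real destination, whether the destination uses a non-web scheme, and whether the real host is outside the allowlist. The registered-domain helper is deliberately crude (last two labels) and does not handle suffixes such as `co.uk` or Unicode lookalikes; a production filter would use the public suffix list and IDNA normalisation.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed allowlist (assumption for this example): domains the business really uses.
ALLOWED_DOMAINS = {"example-corp.com", "mail.example-corp.com", "portal.example-corp.com"}


class _LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._in_a = False
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._in_a = True
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._in_a:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._in_a:
            if self._href:
                self.links.append((self._href, "".join(self._text).strip()))
            self._in_a = False
            self._href = None


def registered_domain(host):
    """Crude registered-domain guess: the last two labels of the host name."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def host_of(url):
    return (urlsplit(url).hostname or "").lower()


def check_link(href, text):
    """Return a list of reasons the link is suspicious (empty list means it passed)."""
    reasons = []
    parts = urlsplit(href)
    href_host = host_of(href)
    if parts.scheme.lower() not in ("http", "https"):
        reasons.append(f"non-web scheme {parts.scheme!r}")
    # The displayed text looks like a domain or URL: it must match the real destination.
    m = re.search(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", text.lower())
    if m and registered_domain(m.group(1)) != registered_domain(href_host):
        reasons.append(
            f"displayed domain {m.group(1)!r} differs from real host {href_host!r}"
        )
    # Allowlist check: neither the exact host nor its registered domain is known-good.
    if href_host and href_host not in ALLOWED_DOMAINS \
            and registered_domain(href_host) not in ALLOWED_DOMAINS:
        reasons.append(f"host {href_host!r} not on allowlist")
    return reasons


def scan_email_html(html):
    """Return [(href, visible_text, reasons)] for every link in the message body."""
    parser = _LinkExtractor()
    parser.feed(html)
    return [(href, text, check_link(href, text)) for href, text in parser.links]


# Constructed sample message modelled on the "update from IT" lure described in the article.
SAMPLE_EMAIL = """
<p>Hi, IT here. Please install the update from
<a href="http://portal.examp1e-corp.com/update.exe">portal.example-corp.com</a> today.</p>
<p>The policy is on <a href="https://portal.example-corp.com/policy">the intranet</a>.</p>
"""

if __name__ == "__main__":
    for href, text, reasons in scan_email_html(SAMPLE_EMAIL):
        verdict = "BLOCK" if reasons else "allow"
        print(f"{verdict:5} {href}  (text: {text!r})")
        for r in reasons:
            print(f"      - {r}")
```

Run as a script, the first link is blocked with two reasons (the visible domain does not match the real one, and the real host is not on the allowlist) while the second passes. Using the allowlist as the deciding signal, rather than a blocklist of known-bad hosts, is what lets a filter stop a freshly registered lookalike domain on first contact, which is the property the article attributes to automated URL filtering.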

Even if you lack a robust internal IT team, there are third-party services to fit every budget. Managed service providers can bring your systems up to proper security standards without breaking the bank. With average ransomware payments now over $100,000, it’s time to invest in proactive protection measures. Your business’ very existence depends on it.