The Human Factor and Security Concerns with Cybersecurity and Security Breach

Hikvision Tips to Educate Employees on Identifying Common Security Threats and Concerns

Security magazine outlined the human challenges and resulting security concerns of maintaining a cyber-secure environment in the article, “Cyber Incidents: The Human Factor.”

The story lists three primary causes of security breach were malicious attack, system glitch and human error, citing a 2018 study by the Ponemon Institute. The article noted that 27 percent of data security breaches are caused by human error.

“Increasingly, businesses are suffering from an employee’s failure to adhere to its established culture of cybersecurity. A wave of social engineering frauds and fraudulent funds transfers are resulting in seven- and eight-figure losses that are transferred from a business’s accounts to those of bad actors, which are then swept clean before the fraud is detected and authorities notified. In most of these cases, an employee thinks that they are communicating by email, phone, voicemail, or text with a colleague, customer, or counterpart at another business. In actuality, the employee is communicating with an imposter that is using their knowledge of the business, the employee, or a third party to convince the employee to do something that they otherwise would not have done had they known all of the facts (i.e. purchase gift cards, wire money, grant access to computer systems, or open an attachment),” from the article.

It also outlined the following tips to prevent threat exposure:

Provide employee education on common threats and emerging risks.

Use email alerts to identify when a new risk has been detected.

Implement employee testing for risks such as phishing.

Hikvision Tips to Educate Employees on Identifying Common Security Threats and Concerns
Hikvision has outlined tips that can help employees and partners identify common security concerns to prevent becoming a victim of them. Below is a link to some common threats with insights to avoid them:

Examples of Phishing Part One and Part Two: In these Hikvision blogs, our cybersecurity director outlined examples of phishing emails so you can identify them and avoid clicking on malicious links. Phishing has long been an effective way for attackers to trick people into divulging sensitive information or infecting a system with malware. Malware can give an attacker remote access to protected systems and networks, encrypt a user’s data and charge a ransom to decrypt the data, or use that system as part of an attack against other systems. A critical part of malware defense is identifying a phishing attack.

Spear Phishing and Cybersecurity in the Workplace, Part One and Part Two: Spear phishing is a special type of phishing attack. Targeted to a specific person or organization, spear phishing emails typically have information about the victim in the email that makes the email seem credible.

Spear phishing part one also included the following recommended actions to take if you receive a spear phishing email:

If this is a business email address, let your cybersecurity team know immediately about the threatening email. There could be an ongoing company-wide campaign that the cybersecurity team can stop. If the cybersecurity team is aware of the campaign they can also help educate employees.

Visit https://haveibeenpwned.com/ This site is hosted by a respected cybersecurity professional named Troy Hunt. Make sure to enter all work and personal email addresses, and subscribe to get updates. If your email address is ever found in a data breach, you will be alerted. They won’t have every data breach, but if there are a large number of usernames and/or passwords posted to the dark web, the site will likely add that list and email you if your username/password has been part of that data breach.

Use two-factor authentication (2FA) or multi-factor authentication (MFA) everywhere possible.

Use a password manager. This will allow you to make great passwords (20 plus characters) that are unique for every website. And, you won’t need to remember any of them.