Search
Close this search box.

How to Survive a Disaster: User Error

Table of Contents

[fusion_builder_container type=”flex” hundred_percent=”no” equal_height_columns=”no” menu_anchor=”” hide_on_mobile=”small-visibility,medium-visibility,large-visibility” class=”” id=”” background_color=”” background_image=”” background_position=”center center” background_repeat=”no-repeat” fade=”no” background_parallax=”none” parallax_speed=”0.3″ video_mp4=”” video_webm=”” video_ogv=”” video_url=”” video_aspect_ratio=”16:9″ video_loop=”yes” video_mute=”yes” overlay_color=”” video_preview_image=”” border_color=”” border_style=”solid” padding_top=”” padding_bottom=”” padding_left=”” padding_right=””][fusion_builder_row][fusion_builder_column type=”1_1″ layout=”1_1″ background_position=”left top” background_color=”” border_color=”” border_style=”solid” border_position=”all” spacing=”yes” background_image=”” background_repeat=”no-repeat” padding_top=”” padding_right=”” padding_bottom=”” padding_left=”” margin_top=”0px” margin_bottom=”0px” class=”” id=”” animation_type=”” animation_speed=”0.3″ animation_direction=”left” hide_on_mobile=”small-visibility,medium-visibility,large-visibility” center_content=”no” last=”true” min_height=”” hover_type=”none” link=”” border_sizes_top=”” border_sizes_bottom=”” border_sizes_left=”” border_sizes_right=”” first=”true”][fusion_text columns=”” column_min_width=”” column_spacing=”” rule_style=”default” rule_size=”” rule_color=”” content_alignment_medium=”” content_alignment_small=”” content_alignment=”” hide_on_mobile=”small-visibility,medium-visibility,large-visibility” sticky_display=”normal,sticky” class=”” id=”” margin_top=”” margin_right=”” margin_bottom=”” margin_left=”” font_size=”” fusion_font_family_text_font=”” fusion_font_variant_text_font=”” line_height=”” letter_spacing=”” text_transform=”none” text_color=”” animation_type=”” animation_direction=”left” animation_speed=”0.3″ animation_offset=””]

Our latest blog on How to Survive a Disaster focuses on the less obvious factor – user error and vulnerability.

Cyber crime is on the rise, especially as people and businesses do more online, and the biggest risk associated with cyber crime is user error.
This makes sense when one considers that IT awareness amongst staff has failed to keep up with the high quality cyber security solutions now available.

For example, a good network security solution, used in conjunction with endpoint and email security, covers key areas of online vulnerability. But whilst this is a means of preventing exposure to malicious content, they cannot protect businesses from user error or lack of awareness.

“Less than 1% of the attacks we observed made use of system vulnerabilities. The rest exploited “the human factor”: the instincts of curiosity and trust that lead well-intentioned people to click, download, install, open, and send money or data.”

Proofpoint, Human Factor Report 2019

The Dangers of Social Engineering

No matter how sophisticated cyber security becomes, user behavior is unpredictable and remains a key risk factor.

Ultimately, cyber criminals are opportunistic. They know that it’s far more straightforward to trick a user into clicking a link than bypass a system designed to detect anomalies. Well-designed phishing emails can prey on the curious, desperate, or even oblivious. And it only takes one careless click for a disaster to occur.

Perhaps an employee receives an email that appears to be from ‘Dropbox’ or ‘Office 365’ – an email that they’re expecting or trust – but is actually a vehicle to harvest credentials. By clicking the link, the user is directed to a convincing spoof login page. Any credentials entered are then transmitted directly to the cyber criminal.Credit: J KlossnerA high-profile court case concluded only recently, in which a business brought legal action against an employee for unwittingly transferring over £200,000 to a cyber criminal.

An example of ‘whaling’ (the targeted impersonation of a senior executive), the victim was sent a ‘spoof’ email impersonating the Managing Director, requesting that urgent invoices be settled when possible.

The Managing Director was on holiday at the time. This meant that the criminal had prior knowledge of their absence and was able to manipulate the situation to make significant financial gain.

Poorly Configured Firewalls

Improperly configured network security is almost equivalent to not having any at all.

Its role is to protect your business’s network from malicious traffic, but if it isn’t set up properly, you could end up blocking genuine user requests to your network – or worse, allowing ransomware packages and data miners to infiltrate your corporate network!

Network security can be configured and maintained as part of Neuways managed IT service, eliminating the risk of a poorly configured firewall.

Whilst network security is one of your greatest assets in the battle against cyber crime, user error can lead to unexpected backdoor exploits, putting both yours and your customers’ data at risk.

If these exploits are taken advantage of by the wrong person, you’re looking at a data breach or costly downtime.

Lack of a BYOD Policy

Lack of a comprehensive BYOD (Bring Your Own Device) policy enables the exploitation of users, and by extension – your business.

Whilst your workplace devices have the latest enterprise-grade cyber security solutions in place, non-corporate devices often lack the equivalent security methods. Giving staff unrestricted access to your network with their own devices risks the circumventing of your business’s cyber security measures. For example, if a personal device infected with malware connects to your WiFi, you’re potentially creating a backdoor into your business.

A properly implemented BYOD policy might, for example, restrict access to the corporate network unless the device has fully up-to-date endpoint security. This means that you’re able to block access to mobiles, laptops, and other devices that fail to meet basic cyber security standards. Another criteria might be that staff must install multi-factor authentication in order to be granted access to the business network.

Remote working is proven to increase productivity and enable a far better customer experience. The perks far outweigh the drawbacks. However, it is only a secure method of working if a BYOD policy is in place. Failing to do this puts your business at increased risk of a cyber attack or data breach, and the downtime that often follows these disasters.

IT Awareness Training: Knowledge is Power

”Over 99% of emails distributing malware required human intervention – following links, opening documents, accepting security warnings, and other behaviors – for them to be effective.”

Proofpoint, Human Factor Report 2019

If you and your team are unaware of what to look for in a phishing email, you’re not going to be able to recognise it for what it is.

Cyber crime is evolving daily, as are the associated cyber security solutions, so it stands to reason that people too must keep up with these developments.

This is why IT awareness training is so important. It empowers your staff by giving them new skills, enabling them to play an active role in keeping your business secure and diminishing user error.

So, what do you need to look out for in a phishing email? We sampled a spoof Office 365 email to demonstrate these points. After all, Microsoft Office 365 phishing was the most popular type of phishing of 2019.In short, user error can cause havoc and open up a range of threats to your business.

Whether it’s falling for a phishing attempt, failing to setup your IT functions properly, or accidentally unleashing malware into your network through an unsecured device, the end result is the same:

Costly downtime for your business!

Ideally, you’ll be able to avoid a disaster with the relevant IT awareness training. But accidents happen, and it’s your ability to recover from a disaster that determines the cost of the incident.

This is why we always recommend having a comprehensive, flexible business continuity and disaster recovery plan in place.Of course, human error is only one of the potential threats to business continuity. Read more in our series, including How to Survive Internet Downtime, How to Survive a Cyber Attack, and How to Survive a Workplace Flood.

Concerned about user error? Talk to us about IT Training and BCDR on 01283 753 333, or email hello@neuways.com for more information.

[/fusion_text][/fusion_builder_column][/fusion_builder_row][/fusion_builder_container]

Want to keep up with our blog?

Get our most valuable tips right inside your inbox, once per month!

Latest IT News & Insights
Work Password Example - why you need a password manager
The most hacked passwords in 2024 and how to protect yourself
These are the most hacked passwords in 2024, learn today how you can protect your business and foster...
Read More
Early patching in Cyber Security
The Importance of Early Patching
Combat against cyber threats with early patching in cyber security.
Read More
Zero Patch updates - Cyber security vulnerability spotted - Neuways urge businesses to act.
Biggest Microsoft Patch Tuesday in years fixes four zero-days, five critical bugs
Discover how the latest Microsoft Patch Tuesday update addresses 142 vulnerabilities, including four...
Read More
Cyber security offered by Neuways in Derby
Businesses pressing ahead with AI regardless of Concerns
Businesses are ignoring concerns re: AI for data tracking. Neuways advise on how to foster a cyber security...
Read More
Cybersafe
What is Credential Stuffing and how can it affect your business?
Defend your business against credential stuffing attacks thanks to Managed Cyber Security services from...
Read More
Cyber secure culture within the business
6 ways to foster a Cyber Secure culture within your company
95% of cyber security issues traced to human error. Here is how to foster a cyber secure culture within...
Read More
Apple devices holding company data could be a security flaw in your business. Photo by Aurich Lawson.
Why it's important to control what apps go into devices that hold company data
If you supply employees with work devices holding company data, managers need to be able to control what...
Read More
Beware of Fake Free WiFi netowrks.
Beware of Fake Free WiFi Networks
Fake free WiFi networks allow cyber criminals to gain access and steal personal data. Use a secure WiFi...
Read More

Frequently Asked Questions

As a leading IT and technology provider, we offer three core services, all of which have additional add-ons. We offer Managed IT Support, Business Central implementation and consultation, as well as Managed Cyber Security. Call us on 01283 753333 if you are interested in any of our services.

Contact us

Support: 01283 753300

Business Development: 01283 753333

Purchasing: 01283 753322

Admin and Accounts: 01283 753311

Email: hello@neuways.com

Managed IT support is a comprehensive solution where an expert IT provider, like Neuways, handles your technology infrastructure. This includes proactive monitoring, maintenance, cyber security, and support.

Yes we do. Your business needs Cyber Security due to the increasing number of cyber threats that are affecting businesses in all industries. If your business has data and technology systems implemented, you will need Managed Cyber Security.

We can help you conduct Cyber Audits to assess whether your business would gain Cyber Essentials and Cyber Essentials Plus Certification. Our dedicated departments work with your team to assess how much work is required before you gain Cyber Essentials Plus certification. We will then provide advice and consultation on what aspects you need to change within your business before providing a quote on how we can assist your company become Cybersafe.

Yes we can. We have our own dedicated Microsoft Dynamics 365 Business Central teams who work to ensure that we can implement the right systems and solutions into your website that are absolute right for you. Our experienced business consultants have worked all over the world for organisations operating on a global scale. 

Exclaimer Pro is a dynamic email signature that helps clients to switch and change around email signatures so that clients are able to advertise different offers and brands to a variety of email recipients. Administrators can also manage user emails internally, meaning the user does not have to touch their own email signature.

We offer Managed Security Training to help employees spot email phishing attacks, spear phishing attacks and vishing attacks. We also help train clients on how to use the various pieces of software we provide to clients, like Exclaimer Pro, Business Central and Cybersafe software.

We are a Managed IT Support provider based in Derby, East Midlands. However, we cover so many areas including the whole of the UK, Europe, and America. We are always willing to travel and send our expert technicians to ensure you have the best experience. 

Got a question?

Reach out
& Connect

Please enable JavaScript in your browser to complete this form.
Name