Phishing and cyber security - how to limit exposure to human error

Often it is only one bad decision that leads to a cyber-security attack. Ensuring your team have a safe place to report when they have clicked on the wrong link can make all the difference.
24 October 2022

Often it is only one bad decision that leads to a cyber-security attack. While training standards have improved in recent years and increased cyber-security literacy, phishing remains a primary risk factor for initial intrusions.

A business which conducts comprehensive phishing training faces a counter-intuitive risk: if a person who has received training recognises that they have fallen for a fraudulent e-mail, they may be too embarrassed or afraid of disciplinary action to bring it to the attention of the security team. This prevents the security team from taking counter-measures which could limit any potential damage.

Alongside training programs and robust security monitoring tools, it has become essential that staff and contractors can speak up comfortably when they have found a security issue, or when they have fallen victim to an exploit.

For many businesses, the weakest link in their security is not their technology, but their people.

There are many times in the operations of a business where human behaviour plays a fundamental role in its security performance. Recognising phishing e-mails, following security protocol and performing code reviews are some examples of critical moments where security incidents take place.

An example: how phishing exploits work

Phishing is a type of social engineering attack in which an attacker attempts to trick a user into giving them sensitive information, such as login credentials or financial data.

The attacker will usually send an email that appears to be from a trusted source, such as a company or service provider, and contains a fraudulent attachment or a link that takes the user to a fake website. Once on the fake website, the user is asked to enter their login credentials or other sensitive information.

If the user falls for the scam and enters their information, it will be sent to the attacker who can then use it to gain access to the victim’s account.

How can businesses limit their exposure to human error?

Ensuring staff feel comfortable speaking up is one of the most important ways you can ensure that you hear about cyber-security incidents before they develop.

The benefits of internal reporting platforms which enable anonymous and secure communication are two-fold with respect to a company’s security posture. They signal to your staff that you value their input and concerns, and they shield them from any fallout that might prevent them from sharing sensitive information.
