Phishing and cyber security - how to limit exposure to human error

Often it is only one bad decision that leads to a cyber-security attack. Ensuring your team have a safe place to report when they have clicked on the wrong link can make all the difference.
Often it is only one bad decision that leads to a cyber-security attack. While training standards have improved in recent years and increased cyber-security literacy, phishing remains a primary risk factor for initial intrusions.

A business that conducts comprehensive phishing training faces a counter-intuitive risk: if a person who has received training recognises that they have fallen for a fraudulent e-mail, they may be too embarrassed or afraid of disciplinary action to bring it to the attention of the security team. This prevents the security team from taking counter-measures that could limit any potential damage.

Alongside training programs and robust security monitoring tools, it has become essential that staff and contractors can comfortably speak up, using software for anonymous reporting and whistleblowing, when they have found a security issue or when they have fallen victim to an exploit.

Humans are the weakest link in the security chain

For many businesses, the weakest link in their security is not their technology, but their people.

There are many times in the operations of a business where human behaviour plays a fundamental role in its security performance. Recognising phishing e-mails, following security protocol, and performing code reviews are some examples of critical moments where security incidents take place.

An example: how phishing exploits work

Phishing is a type of social engineering attack in which an attacker attempts to trick a user into giving them sensitive information, such as login credentials or financial data.

The attacker will usually send an email that appears to be from a trusted source, such as a company or service provider, and contains a fraudulent attachment or a link that takes the user to a fake website. Once on the fake website, the user is asked to enter their login credentials or other sensitive information.

If the user falls for the scam and enters their information, it will be sent to the attacker, who can then use it to gain access to the victim’s account.

How can businesses limit their exposure to human error?

Ensuring staff feel comfortable speaking up is one of the most important ways you can ensure that you hear about cyber-security incidents before they develop.

Reporting platforms that enable anonymous and secure communication benefit a company’s security posture in two ways. They signal to your staff that you value their input and concerns, and they shield them from any fallout that might prevent them from sharing sensitive information.
