Staff ‘Complacency’ Set to Increase Cyber Risk

Despite the rise in cyber security and the training that staff receive in spotting cyber attacks before they become a problem, businesses still run the risk of being the target of cyber attacks. These attacks can sometimes have disastrous consequences and are generally caused by human error and worker complacency. In this article, we will look at the most common cyber attacks, their impact on companies and how you can protect your business from falling prey to online attacks.

If you have any concerns about Cyber Risk, contact The Yorkshire Broker. We’ve worked with businesses throughout Yorkshire, offering expert, unbiased advice and support. Get in touch by calling 01924 929070.

Types of human error

Humans make mistakes; it’s part of what makes us, us. Human errors can be broadly categorised into two types: skill-based and decision-based errors. The difference between them comes down to whether the individual had the knowledge to perform an action in the right way.

Skill-based error

 

A skill-based error can be categorised as an error that the person makes because of lapses in judgement, whether that be due to tiredness, distraction, or negligence. The individual knows what they are meant to be doing, but fails to do so.

Decision-based error

 

This is where the individual makes the wrong decision. This could be due to a number of factors, but the most likely is inadequate training and therefore an inadequate level of knowledge. This can lead to the individual not even knowing they are making a poor decision. Decision-based errors can also be due to inaction, where the user fails to perform an action, leading to a cyber breach.

Consequences of cyber attacks

 

There can be huge consequences for cyber breaches, even if they are accidental. In 2015, an NHS trust was fined £180,000 after a sexual health clinic leaked the details of nearly 800 patients who had attended sexual health clinics. The breach happened when an employee accidentally added the patients to a newsletter instead of blind copying them in, allowing their details to be made available to everyone. 

In 2020, leading law firm Tuckers were hit by a ransomware attack after failing to increase their cyber security protocols, having failed the government-backed Cyber Essentials standard. The attack encrypted 972,191 individual files and led to the firm being fined £98,000.

Far worse than either of the above, whilst only affecting 15 people, was the Crown Prosecution Service (CPS) breach. It was fined £325,000 after it lost unencrypted DVDs of recordings from interviews with child sex abuse victims. The DVDs were being sent between two offices via tracked delivery, but they were left at reception and subsequently went missing. They have never been found.

How you can protect your company from staff complacency

 

Human error leading to cyber attacks can be counteracted by eliminating, as far as possible, the opportunities for these errors to happen. It is important that you approach the causes of human error from both the skill-based and decision-based sides.

Changing the way your business operates will be a key building block in mitigating any data breaches and cyber attacks. There are numerous ways this can happen, but the easiest to implement are:

Control

 

Ensure that your users only have access to the data and functions that they need to perform their roles and jobs. In doing this, you are reducing the amount of information that any one user is able to access, and so the amount of information that will be exposed in case of a breach.

Password management

 

According to the National Centre for Cyber Security, the most popular password in the world is 123456. Password-related mistakes are the main cause of cyber breaches. Leaving passwords taped to screens, using the same password across a multitude of sites, and sharing them with colleagues are all huge red flags that your password security is poor. Using long passwords reduces the chance of hackers and criminals guessing your password, and implementing two-factor authentication adds an extra layer of safety to your online accounts.

Training

 

Decision-based errors often stem from a lack of knowledge. The easiest way to mitigate this is by investing in training for your staff. This includes making sure they have the right knowledge and tools to do their job, as well as security training so they can spot phishing emails, understand password security, and recognise malware. It may be time-consuming, but it will save you money and time in the long run.

Cyber insurance

 

Even with the best training and most competent staff, issues can still arise. That is why getting specific insurance for data breaches and cyber attacks should be a part of any insurance policy. Not only does it protect you from the monetary costs involved, it can act as a safety blanket for you and your staff should an attack occur. Speak to an advisor to see what cover would best suit your business.

Reducing human error in your business comes from two angles: educating staff and reducing the opportunities for them to make these mistakes. Increasing training and creating a stronger security culture in your business will go a long way to reducing the risks of cyber attacks and costly data breaches.

If you’d like some advice from an experienced broker on Cyber Risk Management and considerations for your business, contact The Yorkshire Broker. We’ve worked with businesses throughout Yorkshire, offering expert, unbiased advice and support. Get in touch by calling 01924 929070.
