The Situation

Businesses across Scotland’s capital are coming under increased attack from cyber criminals. At IT Foundations we have seen an increase in attempted cyber attacks on small and medium-sized businesses in recent months. The majority of these attempted attacks are phishing scams: emails that are designed to lure potential victims into giving away their credentials or clicking links that download malware onto their computers.

According to data from Varonis, Verizon and Ponemon, 90% of successful data breaches involve phishing, and an amazing 86% of organisations faced Business Email Compromise attacks in 2019. The worse news is that the volume of attacks has increased during the COVID pandemic, as remote working has meant that people are outside the direct control of IT departments and support companies. This makes people much easier targets, and the problem is only getting worse.

The Problem

Phishing scams used to be fairly easy to spot. They were often poorly worded and riddled with telltale grammatical errors. Now cyber criminals are becoming more skilled at mimicking real brands such as PayPal or Apple. Sometimes criminals are even smarter: after gaining access to one person’s emails, they will start to send emails to the victim’s contacts. An email from someone you know asking you to log in somewhere is far more persuasive than a generic email from a larger company.

The Solution

Thankfully, there are methods that can combat these attacks, so that only a handful result in success for the criminals. Software solutions such as email spam filters do a great job of blocking many of the less targeted phishing attacks, but it’s harder to block those that originate from trusted sources.

That is why smart businesses are turning to the secret weapon that can help them beat back attackers: their staff.

People are often referred to as the ‘weakest link’ in a company’s cyber defence, but in reality people can be the best defence that an organisation has. Staff who receive cyber awareness training can thwart would-be attackers without needing any specific IT knowledge.

There are many platforms available online, such as uSecure or KnowBe4, that provide such training. IT Foundations includes access to this training for free as part of our support packages for our customers. These courses teach people how to keep safe both at work and at home. Key messages, such as calling the sender of an unexpected email to verify its authenticity, are explored. Staff are taught how to avoid clever tactics that criminals use to gain access to offices (such as waiting at the door with cups of coffee in each hand, hoping to be let in by a well-meaning employee), and they are armed with the knowledge of how to avoid accidentally leaking confidential data through ill-considered social media posts.

The Recommendation

With a very small investment in training, companies can greatly increase their cyber defences. Doing so can save the organisation from a lot of costly pain and reputational damage.

We strongly advise all businesses, not just those in Edinburgh, to invest in training staff. It’s the single most effective tool that can be put in place to protect businesses from attack. Fancy kit and expensive anti-malware software will help, but without staff having basic knowledge, none of those tools will work.

If you would like to discuss cyber training or how you can bolster your cyber defences, then get in touch with us today.