Why YOU Are Your Network's Greatest Vulnerability

You care about security 

How do I know? You’re reading this, right now!  

The hardest part about caring about security? It’s knowing that you’re only good as long as you’re mitigating every risk. And what is the hardest part about maintaining your security? You’d think it would be the evolution of advanced technologies brute-forcing their way into your network. In reality, the single biggest threat to your IT systems is human error.  

Human Error: The Single Biggest Threat 

Take a second to unpack that. 

Despite all the advancements in security technology, attackers are still, more often than not, let in through the front door by phishing attacks.  

I recently spoke to an industry leader in cyber security and was warned that attacks like the one described below are likely to be on the rise due to the fact that they are simple and effective.

People post a lot across their social media platforms. They may post a picture of a pet, or child, or something else that helps an attacker get some identifying information about them. Once the attacker has some information about you, they find out where your children go to school and falsify an email to you from the school. It might not look suspicious at first to get an email from your child’s school, but take note of a few things:

1. Does the school even have your work email? If the answer is “no,” then definitely DO NOT proceed! If they might have it, keep checking.

2. Check the email address. It should match the format of all the other emails that you have gotten from the school, and should be from an email address that you recognize. If the other emails you get come from a .org address, be very suspicious of anything coming from a different top-level domain.

3. Does it look “ok” overall? What is the point of the email? More often than not, attackers use some form of vague call-to-action that points to an attachment or link. Be wary of any link whose purpose isn’t explicitly clear. Something like “your child’s behavior” or “PTA info” without any context in the rest of the message is a red flag.

4. Does the messaging try to create a high sense of urgency? This is a common tactic that is meant to make you miss the context clues that it is an attack.
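The four checks above can also be run automatically as a first-pass filter. The sketch below is an added example, not something from 1-UP or the original post; the sample message, the addresses and domains, the keyword list and the 25-word context threshold are all assumptions made up for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample; every name, address and URL here is made up.
SAMPLE = """\
From: Lincoln School <office@lincoln-school.example.com>
To: parent@work.example.net
Subject: URGENT: your child's behavior

Please open the report immediately: http://portal.example.com/report
"""
KNOWN_DOMAINS = {"lincoln-school.example.org"}   # where earlier school mail came from
ADDRESSES_ON_FILE = {"parent@home.example.net"}  # addresses the school was given

URGENCY = re.compile(r"\b(urgent|immediately|right away|asap|final notice)\b", re.I)
LINK = re.compile(r"https?://\S+", re.I)
MIN_CONTEXT_WORDS = 25  # assumed threshold for "enough context"; tune to taste


def tld(domain):
    return domain.rpartition(".")[2]


def check_email(raw, known_domains, addresses_on_file):
    """Return the red flags raised by the four checks, in list order."""
    msg = message_from_string(raw)
    parts = list(msg.walk())
    body = " ".join(p.get_payload() for p in parts
                    if p.get_content_type() == "text/plain" and not p.get_filename())
    flags = []
    # 1. Was this delivered to an address the sender actually has?
    if parseaddr(msg.get("To", ""))[1].lower() not in addresses_on_file:
        flags.append("recipient-not-on-file")
    # 2. Does the sender domain match earlier mail? A new TLD is the stronger signal.
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if sender not in known_domains:
        same_tld = tld(sender) in {tld(d) for d in known_domains}
        flags.append("unknown-sender-domain" if same_tld else "different-tld")
    # 3. A link or attachment with almost no surrounding context.
    has_lure = bool(LINK.search(body)) or any(p.get_filename() for p in parts)
    if has_lure and len(LINK.sub("", body).split()) < MIN_CONTEXT_WORDS:
        flags.append("lure-without-context")
    # 4. Urgency language in the subject or body.
    if URGENCY.search(msg.get("Subject", "") + " " + body):
        flags.append("urgency")
    return flags


if __name__ == "__main__":
    print(check_email(SAMPLE, KNOWN_DOMAINS, ADDRESSES_ON_FILE))
```

A message that raises no flags is not proven safe; the From header checked here can be forged, so treat the output as a prompt for a closer look rather than a verdict.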


Q: So how do you deal with security issues in your organization?

A: TRAINING, TRAINING, TRAINING!

What is involved in security threat training? 

This kind of training should be ongoing so that staff understand how phishing attacks work. In a phishing attack, the attacker exploits your system’s greatest vulnerability: the end user. Despite your best efforts, and all the layers of protection you have around your network, the easiest way through the front door is the end user, via social engineering. These types of attacks can be avoided through security threat training. A few great techniques to implement would be to: 

- Conduct penetration tests regularly

- Provide your staff with information on new types of attacks

- Conduct user training on important security policies

- Pay attention to detail when clicking links in emails

TL;DR

Do we have to go back to the days of safeguarding our identity on the internet? Never using our real names, or posting pictures of any identifiable thing? Probably not, but it’s becoming increasingly important to stay educated on the different types of cyber threats. For more information, check out 1-UP IT Consulting on your social media platforms.
