User Security: Curbing “Bad Behavior” in Your Organization

Curbing “Bad Behavior”

Depending on the year and report you look at, users play a part in anywhere from about 60% to almost 80% of cybersecurity breaches. The "bad behavior" that leads to a breach varies but may include things like:

  • Clicking on bad links
  • Re-using passwords across sites
  • Inappropriately sharing data via OneDrive
  • Using their work device for personal activities
  • Using their business email for personal things like Facebook or Roku accounts

Whatever the root behavior behind a breach turns out to be, most of these breaches are preventable.

How Do You Stop Your Users from Doing Some of These “Bad Behaviors” & How Can You Protect Your Company When They Slip Up?

1. Create An “Acceptable Use” Policy for Your Organization, Publish It, And Make Your Users Sign It

Sometimes you just have to tell people what “bad behavior” is, and they will be more than happy to comply. Make sure your policy includes things like not using business resources for personal reasons. There are some great templates you can get for free online, and Vista IT Group can help you polish them before publishing.

2. Mandatory Security Awareness Training

This is one of the highest value security services a company can buy these days. Teaching end users how to spot different types of attacks is one of the best defenses. It might scare you how many attacks are not technical at all. Ask your Vista IT Group Account Manager or vCIO about KnowBe4.

3. Phishing Testing

What good is training if you don’t practice it from time to time? When we implement KnowBe4's phishing tests, we run a baseline test before any training starts. It is very common for more than 35% of users to click on that first phishing test email. After a year of mandatory training and regular phishing tests, that number is usually closer to 5%.

4. Email Security

Since email is a primary attack vector, having a top-notch email filtering service like ProofPoint is also very important. Will ProofPoint stop everything? Absolutely not. It’s not unusual for long-time employees to get hundreds of unsolicited emails in a single day. On average, 30-40% of those will be malicious emails. Moving from a solution that is 80-90% effective to one that is 95-98% effective reduces risk and saves employee time. That extra 5-15% of effectiveness may stop a lot of common, automated attacks but it won’t be very effective against new types of attacks or any well-executed, targeted attacks. That is why you need user education in addition to a top tier email filtering service. If you are a C-level or Director with social media accounts that identify that fact or your contact information is on the company’s public web site, you are a target.

5. Endpoint Detection and Response with SOC Services

Isn’t Endpoint Detection and Response supposed to stop ransomware? Yes, it is, and it usually does. An EDR solution like SentinelOne backed by their SOC, or the CyFlare SOC-as-a-Service, stops automated malware attacks at a rate of 2-3 attacks per week per client for some of our managed clients. But ransomware is only one type of attack. Some attacks, such as invoice fraud, involve no malware at all, so an endpoint agent never sees them. And even 99% effective is still 1% ineffective in a world that sees thousands of new malware samples and security vulnerabilities per day.

6. Multifactor Authentication and Dark Web Scanning

One of the biggest contributors to attacks is credential theft. It primarily happens in two ways: users are tricked into entering their login information into a fake web site, or they use the same email address and password for corporate systems and for other web sites, and one of those other sites gets hacked. Dark Web scans look for those credentials on illicit marketplaces and let you know so you can change your passwords before an attacker uses them. Multifactor authentication systems like Cisco Duo or Microsoft Entra ID can be an absolute savior and should be enforced everywhere they can be. The Single Sign On features of those particular MFA solutions can sometimes even be used to protect logins that don’t otherwise support MFA. Be warned though, MFA isn’t perfect and not all MFA methods are equally secure: one-time codes sent by SMS and simple “approve” push prompts can be phished or worn down by repeated prompts, while phishing-resistant methods such as FIDO2 security keys bind the login to the real site and cannot be replayed from a fake one.

7. Patch Everything, All the Time

It would probably shock most tech-savvy people how many organizations get breached because they forgot to patch their firewall or their printer (yes, your multi-function network printer can be the beachhead for an attack). Ask your Vista IT Group Account Manager or vCIO about managed and/or co-managed services.

8. Check Your Security and Do Not Just Assume

You should have vulnerability scans and/or penetration tests done at least once every three years. Organizations in regulated industries might need to do it as much as once per year. Ask your Vista IT Group Account Manager or vCIO about getting a Health Check.


Where does your company stand when it comes to cybersecurity? Take our assessment!
