Human Error May Be the Biggest Cybersecurity Threat
Digested from Multi-Housing News
While there are many steps a company can take to reduce the threat of being hacked, training employees through phishing campaigns can yield the biggest results.
Want to protect your computer network? The first step should be training your people.
“Whenever humans interact with systems, they introduce errors, which can lead to exploits by attackers,” writes Jeremy Rasmussen on Multi-Housing News. “People use weak passwords. People click on links to malicious sites. People give out too much information via email or phone.”
These issues are magnified in the high-turnover property management field. Rasmussen diagnoses the industry’s problems as a “lack of visibility into these remote sites, users prone to phishing and social engineering attacks, and a false sense of security because they’re connecting to a ‘secure cloud.’”
So how does a company protect information, like sensitive personally identifiable information, customer communications and financial transactions? The solutions encompass policy, governance, software, hardware, systems and people, according to Rasmussen.
To protect itself against hacks, a company must have intrusion detection monitoring, and active incident response and continuous cybersecurity training for employees. That training should include policy, initial training, ongoing training and phishing campaigns, which requires companies to send periodic fake phishing emails to their employees and track the response to them.
“Our experience has shown that companies for which we run continuous phishing programs can reduce their ‘click-though’ rate for phishing emails from 20 percent to 25 percent initially, down to less than 3 percent,” Rasmussen writes. “That is a significant reduction in the attack surface of the organization. We can never eliminate all risk in the enterprise, but by making it as small as possible, hackers will move on to lower hanging fruit.”