For many of us, the term ‘cyber’ evokes memories of Doctor Who’s cybermen (or were they women?).
And although hiding behind a cushion on the sofa with your siblings might have cut it in the 70s, today’s cyber baddies need more stringent methods to keep their menace at bay.
AI-driven cybercrime poses an increasingly sophisticated threat for companies of all sizes simply because ‘we’re only human’.
And yet whilst ‘being human’ makes us the weakest link, by adopting robust Human Risk Management (HRM) strategies, we humans are more than capable of being the strongest line of defence.
Mindset, mission or M.O, what is Human Risk Management?
Human Risk Management (HRM) is a relatively new expression within the corporate landscape and understandably, it’s crucial and gaining in significance.
As to the question of mindset, mission or modus operandi (M.O.), HRM is all three.
Done well, it offers a holistic approach to digital self-defence which encourages and enables companies to establish a culture in which secure behaviour becomes second nature.
Of course, having fit-for-purpose software and IT infrastructure in place is a given to provide detection and protection, but knowledge, contextual training and motivation are also essential.
Where to start?
Employees need to fully appreciate that they are the key players. Similarly, company leaders need to understand that it is only by helping staff to protect themselves, that they stand a chance of staying safe from cyber security attacks.
As to where to start, as with most problems, there’s usually a logical solution and at HG Technology we advocate following four clear steps. It is an approach we both practice and preach when helping clients establish a robust and collaborative security culture:
- Identify/detect human behaviours that pose a risk
- Implement education and company-wide policy to address risks
- Facilitate staff with tools and training to protect against threats
- Once secure daily digital habits are embedded, maintain them
Helping your staff do the right thing
By the right thing we mean not falling prey to the very real and increasingly creative threat of cybercrimes that so successfully circumvent technology.
Currently, around three quarters of breaches involve a human element, and the most common risks are sharing sensitive data over unsecured networks or using weak or repeated passwords.
So how do you find out how risky and vulnerable each member of your team is? By testing them of course then training them until thinking and acting securely is part of their daily routine.
This is where IT proves its worth, in particular an application called uSecure which as its name suggests, helps make individuals safe. It works by facilitating testing and e-learning over the long term and addresses the issue that 90% of learners usually forget what they’ve learnt within seven days!
Training is one of the biggest levers you can use
uSecure facilitates behavioural-based security training by providing practical implementation. It also helps enhance information recall by making spaced training possible in addition to introducing nudges delivered via different communication channels.
When implementing uSecure for clients we first ask individuals to take a quiz which gives them a score related to their risk.
They are then sent bi-weekly courses to educate them, starting with the areas they scored poorly in. Through regular monitoring, we expect that their score to improve over time.
There is an admin portal that allows organisations to set up phishing simulations for example to test if staff are ignoring or responding to fake emails. It can also check to see if there have been any breaches related to an individual’s email addresses.
We recently worked with Leadiant, a biosciences company where the implementation identified a breach of security and led to them introducing more secure practices such as resetting passwords.
If you would like guidance on cyber threats and want to know more about how HG Technology can implement proven security applications, please get in touch.
