0333 313 5000|hello@duocall.co.uk
Blog | Cybersecurity: The importance of educating your workforce

Cybersecurity: The importance of educating your workforce

Educating your workforce about cybersecurity isn’t always easy as the landscape is constantly changing. However, you don’t need to be an expert to know what some of the common threats are and how to help your employees avoid them…

What is the biggest flaw in cybersecurity?

When it comes to cybersecurity, your biggest vulnerability isn’t your technology, it’s your people. In 2019, 90% of data breaches were caused by user error. That’s means for every 1000 data breaches, up to 900 of them could have been prevented if sufficient education was implemented beforehand. This includes being able to identify instances of social engineering, such as phishing.

In 2021, the ICO (Information Commissioners Office) recorded 2,697 reports of cyber security breaches. That’s an increase of 14.5% from 2020, which recorded 2,353 breaches. It was found that phishing was the primary cause of these breaches, making up 36% of all recorded attacks. To add some perspective to this, in 2017 there were only 222 reports of breaches caused by phishing – that’s a 336% increase in under 5 years.

As phishing attacks rely on people interacting with malicious links and files, these statistics show that lack of awareness is a top contributor when it comes to cyberattacks. In fact, some of the biggest breaches in the past two decades were a direct result of human error.

Yahoo data breach | 2014

In 2014, hackers obtained data from over 500 million Yahoo accounts. This data breach included account names, email addresses, passwords, telephone numbers and even dates of birth. All these details can help hackers break into the other accounts that users may have with other services, including online banking. So, how did this happen?

Yahoo’s biggest vulnerabilities were their poor security practices and the lack of encryption. Access to their systems was gained through a single phishing scheme that targeted unsuspecting users. As a result, it only took one employee, clicking one suspicious link, to let one hacker into their systems. That’s right, it only took one lapse of concentration to compromise 500 million accounts!

Since this famous attack, many businesses have taken the lesson onboard and invested in protecting against social engineering and brute force attacks. This also led to huge increase in staff training as an effort to drastically increase cyber awareness.

Marriott Hotels data breach | 2014

Like Yahoo, Marriott also experienced a large data breach in 2014. However, this breach wasn’t discovered until 2018 when an internal security tool caught an attempt to access the internal reservation database; a request that it deemed suspicious. This security alert kickstarted an investigation that uncovered the cause of the breach… a phishing attack.

It was concluded that when Marriott had acquired the hotel group Starwood, they had gained a compromised system. The Starwood locations had not migrated over to Marriott’s systems and were still using legacy equipment, leaving them vulnerable.

Hackers managed to infiltrate the Starwood systems through email spoofing and phishing. When a user clicked on a malicious link, malware was installed onto their system, and at some stage during the acquisition of Starwood, this malware was able to move laterally over to Marriott’s network.

Google and Facebook attack | 2013-2015

Google and Facebook experienced breaches between 2013 and 2015, costing both companies over $100 million combined. It was one of the biggest, if not the biggest, social engineering attacks publicly recorded, and it was all executed by one man, Evaldas Rimasauskas.

Rimasauskas managed to attack these tech giants by setting up a fake company and posing as a computer manufacturer that worked with Facebook and Google. He even went to the length of setting up bank accounts for these hoax ‘companies’.

Once he and his team had their system setup, they used phishing techniques that targeted specific employees working for both companies. These emails contained invoices for fake goods and services that Rimasauskas’ company had provided. The emails directed the employees to deposit payments into the bank accounts that he had set up. They operated this scam for almost two whole years, extracting money from Google and Facebook via employees that could not identify inbound cyber threats.

Free review of your business’ communications

We care about your business’ IT & communications. That’s why we’re offering a free, no obligation review of your existing setup. Our team will assess your solutions and processes, and make informed recommendations based on their findings.

How can I train my employees on cybersecurity threats?

When it comes to educating your workforce, these case studies provide a great way to emphasise the dangers of data breaches. They’re real-life scenarios in which real-life businesses lost huge amounts of money and data due to human error. Education will not eliminate cyber threats entirely, but it will have an enormous impact when it comes to reducing risk.

Here are some tips on what you can do to keep your employees up-to-date on their cybersecurity training:

By outlining how cybersecurity breaches can impact your business to your employees, they will have a much better understanding of the importance of handling data and working with emails securely.

When it comes to reminding and informing employees, use simple cybersecurity messages. Not everyone understands complex IT terminology.

When a new member of staff joins your team, cybersecurity should be an essential part of their training. This way, it will be at the forefront of their mind from the get-go.

Make sure your cybersecurity training covers all of your business’ vulnerabilities. It’s important that you not only talk about the technical threats, but the social engineering aspects of cybersecurity facing employees each and every day.

For privacy reasons YouTube needs your permission to be loaded.
I Accept

If you need a hand with educating your employees, then our cybersecurity experts are here and available to get you started. We’re Cyber Essentials and ISO 27001 certified, so you can rest knowing that we know what talking about when it comes to keeping businesses safe.

Alongside our experts and certifications, we offer a range of IT security products that could help you educate your workforce and protect your business. For example, our Barracuda Security Awareness Training product provides training, identifies threats and simulates real phishing emails, allowing you to monitor employee awareness and tailor training programs to meet their individual needs.

For a free cybersecurity consultation, please don’t hesitate to call, email or start a live chat with us – we’ll help you protect your business and keep your employees cyber-safe!

Explore our cyber security solutions

More content from DuoCall

Talk to our team today!

Site map

About us

Voice

IT & Managed Services

Connectivity

Mobiles

CCTV & Security

Terms and Conditions

Contact us

0333 313 5000

MyTeam1

0333 313 5001

myteam1@duocall.co.uk

MyTeam2

0333 313 5002

myteam2@duocall.co.uk

Head office

Unit 8
Genesis Park
Sheffield Road
Rotherham
South Yorkshire
S60 1DX

South office

Howbery Business Park
Wallingford
Oxfordshire
OX10 8BA

Cyber Essentials Plus certified
ISO 9001
ISO 27001 Accreditation

© DuoCall Communications Ltd. All rights reserved. Registered in England and Wales No. 6330709.

Request a FREE consultation

Looking for advice regarding your business communications and/or IT? Submit the form below and we’ll be in touch to discuss your objectives and requirements…
This website uses cookies and third party services. View our privacy policy or Change Settings OK
Tracking cookies