Caring for your people has a lot to do with cybersecurity
The human factor is the weakest link in the security chain. What does this mean? That – thank goodness – human beings are unpredictable; we can’t write down all their possible behaviours and mistakes in security protocols. That is why, however good the tools in our security systems are, we always have to reckon with the fact that we are human beings, and we fail.
In the last year, we have read ad nauseam that the source of 82% of cyber-attacks is human error. A 2021 Tessian report surveyed more than 2,000 employees in the US and UK about mistakes they had made at work. When asked why they clicked on phishing emails, 45% of employees indicated they were “distracted”, 37% said they were “tired”, and 29% said they were “not paying attention”.
In addition, the advent of remote working since the pandemic has added a significant change that also affects our behaviour. Stanford professor Jeff Hancock explains: “When I’m at work, for example, I adopt my ‘superhero’ role; I’m confident and brave. But when I’m at home, my guard is lower. I don’t expect to receive a threatening email from a hacker posing as my boss and asking for something urgent. And since there are no external cues in the environment to push me into my ‘work mode’, I may not react to a malicious email as if I were in the office.”
Furthermore, it has to be said that the techniques of deception and manipulation in Social Engineering are reaching very high levels. The development of Artificial Intelligence and increased awareness on the part of companies have made attacks increasingly complex, sophisticated and difficult to unmask.
Criminals see it clearly: if the target is a company, it is easier to attack an employee and use them as the gateway to the entire organisation.
Who has a baby at home and is getting less sleep?
Cybersecurity managers in a company, therefore, have to be very attentive to the well-being of their employees. They cannot deal with this problem by giving an annual cybersecurity training course, sending out reminder emails and sitting back. They must consider the day-to-day factors that make us underperform and be less alert. We are dealing with people, not machines.
Security needs to work closely with HR and pay attention to what is called “error psychology”. Who has an excessive workload? Who has a baby at home and is getting less sleep? Who is unhappy with their boss? All these elements are crucial.
No doubt, reviewing all these possible factors can be overwhelming if the company is large, but it can have a very positive outcome in the long run. How can this be managed in practice on a day-to-day basis?
Make it fun and appealing
Sally Academy has developed an intelligence tool that adapts not only to the specific circumstances of each employee but also to their character and personality. It is not the same to be Jeff, a meticulous and computerised guy who always leaves everything in perfect order but who is extremely predictable in his routines, as it is to be Kiara, who is much messier but quicker and with great initiative. With each archetype, the risks take on different nuances. Sally first detects the employee profile and then makes the cybersecurity training roadmap.
Apart from ensuring well-being, a second very interesting area to work on is the motivation and involvement of employees in the company’s security. Everyone has enough work to do, and security measures cannot be an obligatory, boring and tedious task. As Volkswagen demonstrated years ago with its campaign on “The Fun Theory”, the human response is higher when the approach is fun. What if we make safety training into something like a game, a corporate or departmental competition? The Sally Academy interface is fun, competitive and engaging – who doesn’t like to score points?
Let’s think about it: in school, we learned a lot of things by playing games. The technique is more than tested and validated.
If you want to know more, here is all the information about Sally Academy. Don’t forget, your employees can be your weakest link, or your first allies in the defence of your company.