An employee accidentally clicking a phishing link can have serious ramifications. Here’s how to protect your business.

Candid Wüest recalls the time he worked with a client whose systems became infected with ransomware after an employee fell for a phishing attempt. The individual was tricked into downloading and running a file, believing it had come from someone in the IT department. The breach wreaked enough havoc that the company had to shut down operations for the remainder of the day — and the next day as well.

“The employee accidentally wound up letting an attack into the network,” says Wüest, now Vice President of Cyber Protection Research at Acronis. “This human error caused the company to spend a significant amount of time and financial resources to recover from the attack.” It took several weeks, he adds, for the company to complete their investigation into the attack and ensure there were no other compromises in their network.

Unfortunately, human error still plays a key role in many cybersecurity attacks. In 2021, 44% of security incidents were caused by employees falling victim to phishing or other non-malicious security policy violations — up from 36% the previous year, according to IDG’s 2021 Security Priorities Study. This was the case even though nearly half of the respondents prioritized employee security training and awareness.

Human errors remain a factor simply because people are creatures of habit and will sometimes circumvent security protocols rather than adjust to them. “Another reason is that individuals often feel rushed and overworked, which can lead to sloppiness, especially when going through emails,” Wüest says.
“Most people have likely been trained on how to avoid phishing emails, but verifying links or manually typing known, legitimate domains into the browser window takes time — so these actions are often skipped.”

How small businesses can protect their systems

Business leaders should remain determined to instill security as a part of the culture. “Educating employees on proper security procedures cannot be a one-and-done solution,” Wüest says. “Company culture should continually build a security-first mentality. This strategy must come from the top down.”

Keep conducting regular training sessions. “Phishing tests can also be run to help employees see how easy it is to fall for phishing attempts. However, this should be used to educate employees, not punish them.”

“Security procedures should be a regular topic of conversation in meetings, and any potential issues should be widely discussed,” he adds.

But while education and a culture of alertness can reduce your risk surface, any system that relies solely on human judgment will almost inevitably see breaches — and it only takes one such failure to compromise an entire organization. Modern security solutions incorporate automated defenses, like multi-layered anti-malware capabilities, that counter threats immediately upon contact, while URL filters can flag suspicious addresses and block users from ever encountering most cyberthreats.

Even if you lack a robust internal IT team, there are third-party services to fit every budget. Managed service providers can bring your systems up to proper security standards without breaking the bank.

With average ransomware payments now over $100,000, it’s time to invest in proactive protection measures. Your business’ very existence depends on it.

Protect your employees and your business against human errors.