Businesses appear to be aware of cyber security. Whilst that’s a good thing, there is a worrying gap between what people claim to know, and how they behave. In this blog post, we explore how users and their curiosity, which often gets the better of them, is the weakest part of IT networks.
Research conducted by the Friedrich-Alexander University (FAU), a German research university, highlights the difference between supposed understanding and actual behaviour. The study shows that despite knowing the risks of malicious links within emails, people still click on them. The study, conducted by Dr Zinaida Benenson, FAU’s Chair of Computer Science, concludes that up to 56% of email recipients would click on a link sent by an unknown sender, despite saying that they’re aware of the risks.
During the study, test subjects received an email containing a fake, malicious link. The link claimed to include photos of a recent party but instead would show the message ‘Access Denied’ if clicked. The research team discovered some worrying statistics by tracking the link and combining click data with a questionnaire.
Most notably they discovered:
- 56% of email recipients, when addressed by their first name, clicked the suspicious link
- 78% of participants said that they were aware of the risks of unknown links
- The majority of participants said that they clicked the link due to curiosity
How to combat the weakest part of IT networks.
It is no secret that education is the best tool in the ongoing battle against cyber crime. However, there are already many resources available to businesses, and still, users keep clicking.
We’ve found that the best way to educate staff, is by illustrating the implications of a cyber breach. We recommend you calculate the cost of a cyber breach and then share that figure within your business.
On the face of it, this might sound like a daunting task. However, it’s relatively straightforward. You won’t be able to get a 100% accurate number. However, a ballpark figure should be enough to ensure your employees delete any suspicious emails. Here’s how to do it:
Work out how much downtime you’d experience if your network were to be unavailable.
The severity of a breach will determine how much downtime you’d experience in the event of a cyber attack. However, your IT support provider should be able to tell you how long it would take you to get back online in a worst-case scenario. This time may range from a few hours to a few days depending on what measures you have in place. Having a plan in place, and a reliable backup solution are your best tools in terms of reducing this downtime.
Calculate how much money your company spends and makes in an hour.
Again, this might sound like a daunting task, but you should be able to get a fairly accurate picture of these numbers with a little digging. Take your average salary and work this out in terms of an hourly rate and do the same with your profits too. If your network is unavailable your staff won’t be able to work. This means you will be paying them to do nothing, whilst they’re making no revenue! Include new hardware costs and charges from by outside experts that you may require if you want to be more accurate. Some Google searches or conversations with your IT support provider should again provide you with most of the information you need.
Multiply the two and share the result with your workforce.
This figure will give you an indication of how much a cyber attack would cost you, should someone in your business click a malicious link. It is likely that this figure will be more than £10,000. There’s a fair chance that it’ll be greater than your average company salary too. Share it with your business so that they know exactly how much a malicious link could cost. Whilst educating your staff in terms of the risks and what to spot, it is likely that this large number will be much better at grabbing their attention.