Humans May Be the Weak Link in Your Cybersecurity


If you are running a small business, you understand the importance of protecting your online information. Before you spend thousands of dollars on server security, take the time to shore up your weakest link: your employees.


Cybersecurity is a real concern for small business owners who use online databases to manage and serve clients. Companies are turning to web developers to help them enforce stronger passwords, ensure proper web encryption, and add additional levels of cybersecurity. But many data breaches are the result of simple human error.

Your employees are inundated with attacks from hackers and other identity theft attempts. For example, have you ever received an email from a “bank” warning that your information may be at risk and asking you to send them your personal details? Other emails have links that direct you to malicious websites and automatically download software onto your computer.

These phishing attacks have been around for a while, but they are still very much a threat. According to Verizon's 2015 Data Breach Investigations Report, 23% of all phishing emails were opened and 11% of recipients opened an attachment.

And that's on top of phishing attempts that happen over the telephone. Would-be hackers call vulnerable consumers and convince them to reveal their passwords. That way, hackers take all the guesswork out of identity theft.

These kinds of human-centered hacking schemes target even the biggest online entities. In February 2016, Popular Science reported that hackers had gained access to the FBI's I.T. department. How? A phone call to an employee. Motherboard reported:

“The data was obtained, the hacker told Motherboard, by first compromising the email account of a DoJ employee, although he would not elaborate on how that account was accessed in the first place. (On Monday, the hacker used the DoJ email account to contact this reporter).”

The best way to fight these attacks is through employee education. Hold annual cybersecurity trainings that teach employees how to identify phishing attempts and what to do when they find one. If you are planning such a training, tell your employees:

  • Know what it looks like when a website is encrypted (look for the padlock in the browser).

  • Type in URLs to service provider websites, rather than clicking on links in emails.

  • Refer phone calls about technical problems to I.T. support or at least a supervisor (usually phishing callers will simply hang up).

  • Watch for foreign extensions on email addresses.

  • Avoid storing passwords within easy reach of the computer terminal.

Annual employee education should be the number one priority for your business's cybersecurity plan. Make sure employees understand that they are the first line of defense between your business and the hackers.

Provisio Technology Solutions can help your business create a cybersecurity strategy and educate your employees on how to implement it. If you need to up your defense against hackers, contact Provisio Technology Solutions today to schedule a meeting.