Itâs the human machine thatâs at fault

Too many businesses are not taking cybersecurity seriously, this is the view of James Lyne, global head of security research at Sophos, speaking at a recent CBI cybersecurity conference. But with the EU Data Protection Regulation potentially introducing fines of €100 million or 5% of global turnover for a data breach, companies need to consider cybersecurity at the board level and ensure employees are aware of what not to do when using a computer.

Computers increase in power year-on-year and this helps criminals break into networks. For example, it is now necessary to have a password of at least 16 characters, with a word that is not obvious. Song lyrics are good examples of a passwords that are hard to crack. Standard passwords like ‘Password123’ are extremely easy for powerful computers to break. In the future firms could find themselves on the receiving end of large fines for mistakes that could have easily have been prevented with a little forethought and staff training.

Sophos research discovered that 77% of businesses did not even know whether they were compliant with current data protection legislation. Data protection and cybersecurity should have responsibility at the board level to make sure it is given the attention it deserves. Ignorance of the legislation will not save businesses from crippling fines. Companies must also consider the reputational damage resulting from a serious data breach.

Hackers now direct many of their attacks on businesses through email. For example, a document purporting to be an invoice will be sent to a company accountant but once they open the file a virus is automatically downloaded to their computer without their knowledge and the hacker can then take control of that computer and steal information from the company. Bank details and other sensitive data could be stolen. These scams can be avoided if employees are aware of the threat and look out for the tell-tale signs that the invoice is not legitimate, such as whether the company name is known to them. It is best not to process the invoice if the company name is unknown.

Looking to the future, the internet of things will likely be an opportunity for hackers to exploit as safeguards are not yet necessarily fully developed for internet of things devices. Cybersecurity with the internet of things will be paramount to its success or failure. So far hackers are not targeting the internet of things but this could change in the future and by that time rigorous security measures must be in place to stop a potential breach.

The root of most the problems in cybersecurity lies with mistakes made by people, and many of them are entirely avoidable. Companies should look at their cybersecurity measures at a board level and give employees the necessary information not to make careless mistakes at work.

The EU Data Protection Regulation will drastically increase fines in the UK and so an imperative is there. Businesses that act now will be rewarded in the future when their brand does not suffer as the result of a data breach through a simple and avoidable error.