As technology keeps advancing, hackers are finding new ways to gain access to sensitive information. A lot of damage can be done using just a single device such as a phone or laptop. Users today need to be aware of how a hacker tries to gain personal information that can be used against them to access their accounts or the company’s sensitive information. In this essay I will explain the importance of cyber security in an organization.
One of the most common ways a hacker tries to steal data or sensitive information is through social engineering attacks. Hackers mostly use phishing as one of these social engineering attacks. In this attack, hackers send an email or message designed to catch the user’s attention and arouse curiosity, which they exploit to gather data. They also put out fliers where users can see them, so that users call the number given on the flier. Once a user calls, the hacker tries to trick them into giving out a username and password or bank account details. They will also sometimes go through the dumpster to find documents that may contain sensitive or personal information. This is called ‘dumpster diving’.
One of the more advanced methods hackers use is to send the user an email that looks like a normal email and carries an attachment. This email will always try to get the user to click on the attachment or on a link that redirects the user to a website designed to gain information. The attachment contains a worm or virus designed to steal the user’s data. If users in an organization are educated about these methods, companies and users can mitigate the effects of hackers, and users can become more vigilant.
Cyber security has been a topic of discussion in organizations, the IT industry, education departments, etc. As the frequency of cyberattacks rises, governments and organizations are taking preventive action to reduce the risk of successful cyberattacks (Souza, Rowe, 2011). One such event happened in 2009, involving a SCADA system and the STUXNET virus, and big companies like Sony and Yahoo have also fallen into the trap of cyberattacks. Yet even after such high media coverage, there are still weaknesses in other companies.
Cyber security is one of those challenges that requires global collaboration, as it ranges beyond borders. It is evident that cyber security is an area of interest. If there is any doubt about the importance of cyber security education in organizations, one should look at recent reports. Given the importance of the data being stored online nowadays, it is getting easier for sensitive information to be leaked or hacked (Rowe, D. C., Lunt, B. M., Ekstrom, J. J., 2011).
When attacking an individual, hackers always use con techniques. They send emails that look like they come from the sites the user regularly uses, and these emails carry attachments or links. If the email has a link, the link redirects the user to a different website that looks similar to the one the user has been using, and that website asks for personal information. With that information, the hacker can get into the person’s laptop or obtain bank details or any other type of sensitive information. Unless users pay attention to the email address of the sender, they might fall victim to such con techniques. Companies nowadays send fake emails to their employees to see whether an employee falls prey to them. If they do, the information technology department tells the employee what they did wrong and what they can do to mitigate their mistakes. This test made employees more aware, and they started taking phishing attacks seriously. This implementation is known as SERUM (Ansson, K., & von Solms, R. 2013).
Common ways a hacker will try to con a user or gain sensitive information are:
- Lottery. In this scenario, an individual gets an email saying that he/she has won a lottery and that, to transfer the money into their bank account, the sender needs the individual’s bank details. This is one of the ways to gain bank information from an individual.
- Anti-Virus. In this technique, an individual gets an email saying that their computer has been infected and that they should install an antivirus to remove the virus. The email has a link or attachment that is actually malware, and if the individual clicks on it, his/her laptop will be infected.
- Girl Attachment. This one was recorded as the attack to which the highest number of people fell prey (Ansson, K., & von Solms, R. 2013). In this type of attack, the individual receives an attachment that claims to show pictures of girls, but the link or attachment is actually malware.
If employees or individuals have training or education about these attacks, they can mitigate them.
Impact of Smart Phones
Smartphones have recently become an integral part of our day-to-day lives. Everyone uses smartphones for social media, browsing, calling, texting, etc. They are so ingrained in our lives that no one wants to leave their apartment or home without their smartphone.
There has been exponential growth in smartphone technology in the last decade. People use smartphones to make online payments or do online shopping. Smartphones also offer the ability to pay without using any cash or card, through a Wallet application. Every phone has credit card or debit card information saved on it. From this we can conclude that mobile devices have a lot of personal information saved in their memory.
Imagine a person’s smartphone gets stolen or he drops his phone. If the person has not locked his phone, the thief will have all the personal information. What if the hacker uses the individual’s smartphone to get into their organization’s network with the help of a VPN? Now the hacker will have access to all the company’s sensitive information available on this person’s OneDrive.
Sometimes an individual keeps Bluetooth or Wi-Fi turned on all the time. If the individual is connected to a public network, hackers can set a trap by setting up links that look like an authentic website and prompt the user to fill out personal information. According to a recent study, almost 51% keep their Wi-Fi turned on all the time (Imgraben, J., Engelbrecht, A., & Choo, K. R. (2014)).
Organizations should make their employees aware of the vulnerabilities of smartphones and of how to mitigate them by following safety procedures, such as keeping a complicated password on their smartphones and knowing how to use the Internet when connected to a public network. Cyber security education will make them more alert and cautious.
Employee/ Users Awareness and Its Impact on Organizations
To show the importance of cyber security: in the latest survey by the Department of Digital, Culture and Media Sports at the University of Portsmouth, four out of ten businesses fell into the trap of cyberattacks in 2018, i.e. 43%. Almost 75% of businesses nowadays treat cyber security as a priority for senior management.
If users or employees had been more aware of these attacks and of how to prevent them through cyber security education, this simple procedure could have prevented millions of pounds/dollars of losses in the US and UK (Vaidya, 2018).
In a recent study, an organization held an awareness program to instruct users about security measures. After observing some of the employees, the researchers determined that following the awareness program people became aware of the threat of a cyber security breach and started following the organization’s guidelines, which helped the employees not to fall prey to cyber security breaches or attacks (D’Arcy, J., Hovav, A., & Galletta, D. (2009)).
Here are some of the organization’s guidelines:
- Always log into private secure networks or use VPN to log in to the organization’s network.
- Stop using unknown external drives on the computer network.
- Always keep computers and smartphones locked with complicated passwords.
- Make sure computers and antivirus are up to date and install company patches regularly.
- Don’t open any links or attachments from unknown emails.
- Make sure emails are from valid users.
If employees take these guidelines seriously, it becomes really hard to hack them. Employees should also follow these guidelines on their personal PCs or laptops. We all use our personal PCs for banking transactions or online shopping, so our PCs also hold a lot of personal information, and if we apply all the above guidelines to them, it will be really hard to penetrate our personal PCs.
In the paper by Rowe D., the authors recommend that governments and organizations work together to educate students and spread awareness of cyber security among all people. For example, Dartmouth College started a cyber security initiative to spread awareness after a compromise of its network. Such collaborative approaches might help students start good practices at an early age on how to use their laptops, which might mitigate the risks of cyber security attacks and in turn help them professionally in the future. Some of the recommendations according to Rowe D. are that users should verify that they have up-to-date security throughout a student’s curriculum. They should start familiarizing students with some of the terminology. They should introduce courses like advanced security in the later years, when a student is about to graduate, to prepare them for a professional background in cyber security (Rowe, D. C., Lunt, B. M., Ekstrom, J. J. 2011).
Even if organizations spend millions of dollars on firewalls or updates for employee computers, employees remain the weakest link in the structure. If an employee doesn’t follow the guidelines or is not aware of cyber security attacks, he will most likely fall prey to hackers, which in turn might affect the organization. For example, if companies like Yahoo had been more proactive in educating their employees, they might have avoided the security breach in their organization, which could have saved them millions of dollars. All organizations should give importance to security awareness.
- Souza, P. d., Rowe, D. C., Ali, A., et al., Cyber Dawn (2011). Cyber Security Forum Initiative (CSFI).
- Rowe, D. C., Lunt, B. M., Ekstrom, J. J. (2011). The Role of Cyber-Security in Information Technology Education.
- Ansson, K., & von Solms, R. (2013). Phishing for Phishing Awareness. Behavior & Information Technology.
- Imgraben, J., Engelbrecht, A., & Choo, K. R. (2014). Always Connected, but Are Smart Mobile Users Getting More Security Savvy? A Survey of Smart Mobile Device Users. Behavior & Information Technology.
- Vaidya, R. (2018). Cybersecurity Breaches 2018. Department of Digital, Culture Media & Sport, University of Portsmouth.
- D’Arcy, J., Hovav, A., & Galletta, D. (2009). User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach. Information Systems Research.
- Hanus, B., & Wu, Y. (2016). Impact of Users’ Security Awareness on Desktop Security Behavior: A Protection Motivation Theory Perspective. Information Systems Management.