A security culture protects

In September 2021, an article was shared by the BBC with the headline ‘Fraudsters steal £4m a day as crime surges’.

Digital and phone-based impersonation scams were shown to have risen 123% from the previous year, and push payments (when victims think they’re paying a genuine organisation) rose by 71%. It’s clear that we’re living in an era where our online security needs to be more robust than ever, and we can do our part by following procedures outlined by experts such as the National Cyber Security Centre (NCSC).

The online threat

Figure 1:Online threat

Let’s look at the inherent threat posed by an individual’s online presence. Most people are online at home and at work. Not only does that mean their personal and sensitive information is at risk, but it also means that confidential organisation information could be at risk if they don’t remain vigilant and follow the correct procedures. 

Social engineering describes how hackers use deception to manipulate individuals into divulging confidential or personal information which they’ll use for fraudulent purposes. They might adopt what’s known as a pretext, which is pretending to be somebody they’re not to convince the end-user to give them vital clues which enable them to gain access to the system they’re targeting.  

In order to counter this threat, the information security officer needs to publicise corporate policies that encourage a culture of security, and senior management support is essential to reinforce this. Not only this, but a ‘security mindset’ needs to be engendered in every individual who works in and for the organisation, with regular procedural updates and fresher items shared. 'If you see something then say something' should be a company motto.

What's next?

Next up, you’re going to take a closer look at threats and vulnerabilities associated with people. Human error is inevitable, but what can be put in place to support it?