Cyber security goes beyond technical measures
Technical security measures within organisations are growing at a rapid pace, as is the related technology. This is leading attackers to a new approach in which they attack the weakest link in an organisation: the employees. Experience shows that in many successful cyber-attacks employees inadvertently granted access to cyber criminals. The human component therefore turns out to be an alluring access point for cyber criminals. Did you know that 57% of security professionals consider human behaviour the biggest cyber risk and that 35% of employees use a weak password? A frequent example: cyber criminals gain access to the organisation’s systems not by hacking your IT security, but by sending an email to an employee or by strategically placing a malicious USB stick in the car park.
People as part of the solution
People form the weakest link in your defence, so your aim must be to make your employees aware of cyber-attacks. How can they recognise malware, spam or phishing? How should they react to those types of “attacks” or hacks? Better still: what, above all, must they not do? As a specialist, BDO helps to keep your employees focused by raising and/or testing awareness through three specific services.
- Security Awareness Training | Training, at your offices or through e-learning, with a focus on a behind-the-scenes view of what cyber criminals are currently doing to lure you or your employees into their trap: social engineering, social media, password management, data breaches, free Wi-Fi and more. Our training courses are given at a very comprehensible level using specific real-life cases (videos, photos and live demos).
- Social Engineering | A controlled and ethical attack in the context of awareness-raising. As an example of an attack, we may send a false but credible email to the predefined target group or groups and then monitor click and response behaviour for you.
- Awareness-as-a-Service | Effective awareness is not a one-off effort, but rather a succession of periodic awareness exercises that are continuously updated and/or improved. Here, we periodically test your employees in a risk-free environment using trial and error. Furthermore, we offer you useful insights and results to increase the security level of your organisation.
Our services are offered either as a one-off assignment (e.g. one training session or ethical attack), combined (e.g. a phishing attack combined with awareness training), or as part of periodic awareness-raising (e.g. sending out an ethical attack every quarter, including remedial e-learning).
Are you interested in how BDO can help you find a practical solution to get your cyber security up to standard? Contact one of our specialists for a no-obligation introduction.