We assume that if a website has a security certificate—indicated by an address that begins with “https” and (typically) that little padlock icon next to it—then the website is safe. It isn’t potentially malicious or trying to install malware or steal personal information. Until recently, if a site didn’t have a security certificate it was a red flag. But now hackers are using that very security certificate to trick users into thinking a malicious website is safe—and they’re specifically targeting the finance industry.
They’re a basic foundation of security, yet somehow constantly dismissed.
Passwords are one of the most important components of a strong cybersecurity strategy—but employees overwhelmingly have bad password habits, despite all attempts to ensure best practices across the organization. People pick simple, easy-to-guess phrases like “password” or “12345” or regularly reuse the same password for multiple logins.
Over 90% of all cyberattacks begin with email phishing. It’s a startling statistic, but it’s not a surprise: businesses send over 281 billion emails every day. Phishing attacks, which typically ask targets for sensitive information or to download malware, work because they prey on human nature—victims respond out of curiosity, a sense of urgency, even fear.
As we come to the end of cyber security month, we must admit to ourselves that to err is human. You can employ the latest technology at your company to bolster defenses, but you cannot always keep employees from making stupid and unintentional mistakes. This fact alone is why cybersecurity training, and repeated training, is so important.