The Human Firewall: Defending Against Cyber Attacks
Internet crime is among the most pervasive forms of crime, and the numbers back this up. In 2018, the FBI estimated that losses from internet crime exceeded a whopping $2.7 billion, of which $1.2 billion were attributed to compromised business email accounts. The vast majority of the time, the damage stuck: only $192 million of that $1.2 billion was recovered—a mere 6.25 percent. Once account access is gained, stopping the intruders from inflicting significant financial or systemic damage is incredibly difficult.
A Foundation of Knowledge
To prevent such disasters, understanding a concept known as “the human firewall” is crucial. As the name implies, the best defense against cyber-attacks is the users of the systems those attacks target. In the case of cyber-attacks aimed at businesses, employees are the first and last line of defense against fraud, a common and effective form of sabotage that preys on human error. Given that 95% of all successful cyber-attacks are caused by human error, educating employees about how to identify and avoid fraud and other forms of cyber-attack is a critical component of this human firewall.
Everyone’s a Target
Among the most important things to know is that everyone in an organization is a target, regardless of title, department, or seniority. Each and every person is a potential window – or rather, door – into the organization’s information, systems, and/or finances, one which cyber attackers won’t hesitate to move through. Having said that, certain individuals and departments are especially juicy targets, as they may have more direct access to these items. Accounting departments, for instance, work closely with their company’s financials. As many cyber-attacks are carried out with the intent of stealing money from an organization, this makes accounting employees prime targets for fraudsters.
The same can be said of human resources and IT. HR departments have access to confidential employee information; as such, a compromised HR account offers cyber attackers a treasure trove of sensitive data. Likewise, IT departments have access to every computer system within an organization, making the damage potential of an IT breach devastating.
Given their exposure and the power and influence they hold within a company, executives are naturally popular targets as well. However, executives are often targeted in another capacity: cyber attackers will attempt to pass themselves off as a higher-up, requesting specific actions and information from others in the company, including the aforementioned departments.
Such fraudulent attacks usually contain a number of red flags that can be used to identify the sender’s criminal intent:
- Awkward wording/writing: If the syntax of an email looks scattered, incoherent, or just plain weird, there’s a good chance that something’s not right.
- Misspellings: There’s nothing strange about the occasional typo, but if the email is littered with them – or if certain misspelled words stand out – err on the side of caution.
- Unusual urgency: “I need you to make a purchase for me. Email me immediately.” Sure thing, “Mark.”
- Trying to create legitimacy: Often, fraudulent emails will attempt to appear legitimate or “official” by way of mimicked legal language, company graphics, and even mobile phone email signatures.
- Bizarre sender addresses: That “John Smith” in the “From” line may appear harmless enough, but viewing his full email address may raise an eyebrow.
- Suspicious URLs: Don’t nonchalantly click links, especially if the sender is clearly shady. Email text or photos containing hyperlinks may direct you somewhere dangerous—hover over links to see the URL!
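As an added example (not from the original article), here is a small Python checker that applies three of the red flags above to a raw email: a sender whose address is outside the organization's domain, urgency language, and link text that shows one host while the href points somewhere else. The sample message, its sender domain and IP address are constructed, and the organization domain example-corp.com is an assumption.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Constructed sample message for this example; the sender domain and IP are not real.
SAMPLE_EML = """\
From: "Mark Jones (CEO)" <mark.jones@examp1e-corp.net>
Subject: Urgent wire needed today
Content-Type: text/html; charset=utf-8

<p>I need you to make a purchase for me. Email me immediately.
Pay here: <a href="http://198.51.100.7/pay">https://portal.example-corp.com/invoice</a></p>
"""
URGENCY_WORDS = {"urgent", "immediately", "asap", "wire", "today"}

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None
def host_of(url):  # hostname of a URL; bare "example.com/path" link text is treated as http
    return (urlsplit(url if "://" in url else "http://" + url).hostname or "").lower()
def phishing_flags(raw, org_domain):
    """Return the red flags raised by a raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    flags = []
    sender = msg["From"].addresses[0]  # display name parsed apart from the real address
    if sender.domain.lower() != org_domain:
        flags.append(f"'{sender.display_name}' sends from outside {org_domain}: {sender.addr_spec}")
    body = msg.get_body(preferencelist=("html", "plain")).get_content()
    words = {w.strip(".,!?:") for w in (msg["Subject"] + " " + body).lower().split()}
    hits = sorted(words & URGENCY_WORDS)
    if len(hits) >= 2:
        flags.append("urgency language: " + ", ".join(hits))
    parser = LinkCollector()
    parser.feed(body)
    for href, text in parser.links:  # what the link shows vs. where it actually goes
        if "." in text and host_of(text) != host_of(href):
            flags.append(f"link text {host_of(text)} points to {host_of(href)}")
    return flags
```

Running `phishing_flags(SAMPLE_EML, "example-corp.com")` on the constructed message returns three flags, one per red flag it triggers; a plain internal message with no links returns an empty list.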
A prudent mind is key to identifying these red flags, thereby preventing cyber attackers from wreaking havoc. As such, it’s important to always remain aware of the content we interact with online (specifically within emails) and report requests that appear to be fraudulent—even if that wealthy foreign prince’s offer sounds enticing.