To Error is Human Nature – phishing scams

April 24, 2023
Brenda Eisenschenk

According to a blog written by Thomson Reuter, 85% of cyber threats were caused by a human element. Not by AI or a computer glitch, but by a human.  

Ironically in October of 2022, Thomson Reuter reported collecting and leaking up to 3TB of sensitive data. “We believe that it was caused by a misconfiguration on the AWS Elastic Load Balancing service, which followed different rules that weren’t configured to fully cover access control rules, which led to the service being exposed to the public,” Vareikis explained. 

Misconfiguration is one example of those Human Errors.

Think of the emails that you receive daily. Your Microsoft password is set to expire, but before clicking on reset password, you realize the email was not even sent from Microsoft at all. The email with the invoice attached from a source you don’t even do business with. Or, the email from your boss asking you for sensitive company information, that isn’t really from your boss if you look closely at the email address, and not just the boss’s name. These are called Phishing attempts.

So, how do we stop people from fat fingering configuration files, clicking on malicious URL’s, or using weak passwords?  

The first place to start is to recognize that to error is human!

The second place is to understand where your threats might be within your organization.  Have you taken the time to do a security assessment?  Identifying ways in which you are vulnerable to outside threats is the first part of knowing how to patch those holes.  Maybe it is time to adopt a Zero Trust strategy in your business where you limit access by employee only to what is needed to perform their job. Should you add on extra layers of security within the organization through MFA (Multi Factor Authentication).  Can you implement internal controls reporting to gain visibility into who accessed company data?

Third, educate! Empower your employees to be aware of common threats. Training them on vulnerability, making them aware of their responsibilities and accountabilities as they use technology throughout their day. Just as technology is ever changing, this training should be ongoing for top-of-mind awareness. This is never a “one and done” project.

Lastly, protect. What happens if you are affected by any cyber threat? Work with an insurance agent who understands cyber insurance and makes sure you are adequately protected.

We are excited to host the May 4th Lunchtime Learning at the St. Cloud Area Chamber. The topic is “Gone Phishing?” and we are excited for our panel of experts to discuss security for your business. Thank you to Clint Lentner-Director of IT at Northland Capital, Laura Tomczik-Senior Commercial Account Executive at Mahowald and Ben Thoele-Solutions Engineer at InteleCONNECT!

Won’t you consider meeting us at the Chamber for this presentation?

For your business, can you afford to not have a backup plan in place? You should look at what options you have, and all of us at IWM and InteleCONNECT are versed in what’s available and would love to discuss with you.

If you have questions on this or any other product or service, we would LOVE to partner.

Leave a comment

Skip to content