Cyber Security is Everyone’s Business
Throughout October, Cyber Security Awareness Month has delivered an opportunity to reflect and review our cyber security practices. This year’s theme of ‘cyber security is everyone’s business’ was a timely invitation to review our own personal security practices and their impact on organisational security.
Constantly evolving threats bring heightened risks
Each year, the risk to business grows. In 2023-2024, we saw a 23% year-on-year increase in cyber attacks—one attack reported every six minutes. Customer expectations around corporate cyber security responsibility are evolving too, with over 80% of consumers believing businesses should do more to protect their personal data, and face stringent penalties if they fail to do so.
At Truis, we have a unique insight into the cyber security challenges organisations are grappling with. Our own observations are reflected in industry research—human error remains the most significant risk. Verizon’s 2024 Data Breach Investigations Report showed that 68% of breaches involve a human element—such as a clicked link in a phishing email or poor individual security practices. This is why investing in training and awareness has such a powerful impact.
The risk of human error is also rising within IT teams. High workloads, skills shortages and increasingly complex and specialised networks have left teams facing high demand and stretched resources, leading to burnout and fatigue. Even within the most skilled teams, competing demands can easily result in human error, with drastic consequences for organisations.
Security is in everyone’s hands
Regardless of how savvy we think we are, there are always opportunities to improve our cyber security and safety online. As we wind up Cyber Security Awareness Month, here are four quick things you can implement to strengthen your security:
Enable multi-factor authentication on all your accounts
Multi-factor authentication (MFA) provides an extra layer of security in addition to using strong passwords. Whether you choose to use SMS codes or an authenticator from a trusted provider, such as Microsoft or Google, it’s a quick and easy way to secure your accounts.
Be sure to implement MFA on your email accounts, too—particularly if you’re using email for MFA on other accounts and for password resets.
Keep your software up-to-date
Software updates are one of the core foundations of any security strategy. As well as fixing any UX glitches, updates to software and apps generally contain new security features and address known risks. Be sure to install the updates as soon as possible, as operating your device without the latest updates can make you a vulnerable target. Automatic updates can make sure this isn’t missed.
Swap to strong passphrases
Passphrases are passwords, upgraded. A passphrase includes a mix of four or more unrelated words. This makes passphrases harder to guess, but easier to remember, than random passwords.
With so many accounts, it can be difficult to remember every unique password, which often leads to using the same one or two passwords. This is a weakness cyber criminals rely on. If you struggle to remember all your passwords, a password manager can be helpful. There are multiple options available, but whichever you choose, always protect that account with a strong, unique passphrase and MFA.
Recognise and report phishing
We hear a lot about phishing scams, where cyber criminals or scammers trick their victims into handing over personal information or account access. These commonly look like fraudulent emails or text messages claiming to be from trusted organisations—banks are a common one.
Scammers are increasingly clever, but there are generally warning signs: unusual sender email addresses, poor grammar and unusual requests are all red flags. You can report suspicious phishing emails at Scamwatch.
The importance of training
While cyber attacks are often discussed in the context of IT systems, their true impact is far broader. The potential damage to your operations and customer experience is immense, with immeasurable impacts on your organisation’s credibility, reputation and consumer trust. Even the most sophisticated security can be compromised by human error. The most critical investment you can make in your organisation’s security is in training that educates and empowers your people.
KnowBe4 is the cyber security training platform we use for our team here at Truis. We recommend it not just because it’s been proven to reduce phishing susceptibility by 75%, but because we trust it for our own people.
Our KnowBe4 security awareness training provides a simulated environment, giving your team the opportunity to actively apply what they learn, testing their knowledge and strengthening their abilities as the first line of defence for your organisation.
Robust cyber security relies on your people, as much as your systems. Request a free demo of our KnowBe4 Security Awareness Training to see how effective it is in empowering and informing your staff.