→ Senior digital profiles
Approach and beliefs
Preventing social engineering attacks
Richard believes there is a deeper underlying issue that businesses need to tackle before they can get close to fully preventing social engineering attacks.
“I worry that some businesses are losing touch with their basic humanity, and that this makes their employees more vulnerable to cybercrime. Mental health in the workplace is a very serious issue, especially post-pandemic, with many people feeling stressed and anxious and struggling to cope.
Some businesses are doing better than others in taking care of their people. But employees who are unhappy are much more open to manipulation, bribes, the fraudulent offer of a new job and so on. These vulnerabilities can and do create weaknesses for social engineers to exploit.”
Show your human side
For Richard, one of the most positive steps businesses can take is to humanise their approach to cyber security training.
“Pitch education in a way that makes people feel empowered and comfortable, rather than scared to fail and therefore even more stressed. You aren’t going to empower anyone by forcing them to watch an hour-long video on why phishing is so bad – so don’t! Mix up education with security days, posters, well designed eLearning and engaging materials. Don’t make the subject too complex. Ensure everyone understands the basics and go from there.
Yes, the risks are real, and establishing a cyber security culture can be make or break for a business. But encouraging a culture of openness and transparency can minimise those risks. Whereas a culture based on blame or fear leads to concealed mistakes that can rapidly escalate, as well as causing intense personal stress and anxiety for the people involved.”