Millennials and Gen Z are the most concerned generations about the risk of cyber attacks on their organizations. They also worry about potentially leaving their organizations vulnerable and feel less prepared to handle such cyber threats. Research from Ernst & Young LLP (EY US) indicates that 53% of US employees are concerned about their organization being targeted by cyber attacks, with 34% worried that their actions might make their organization vulnerable.
Among Millennials and Gen Z, 58% and 64% respectively fear losing their jobs if they leave their organization exposed to a cyber attack. This anxiety can negatively impact cybersecurity, as it may lead to unreported cyber incidents due to fear of repercussions. Considering that 68% of cyber attacks involve a non-malicious human element, such as clicking on a phishing email link, addressing this fear is crucial.
To boost cyber confidence and improve response to cyber attacks, here are five steps to enhance cybersecurity for both individuals and their organizations. Phishing, a common cyber attack method, involves hackers sending deceptive emails to trick recipients into clicking on a link, downloading a file, or performing other actions that compromise security. Variants of phishing include smishing (via text), vishing (via phone call), and quishing (via QR codes).
Phishing attacks leverage psychological tactics to manipulate victims. Knowing how to respond to suspicious texts, emails, or calls is key to preventing these attacks. EY US research found that only 31% of Gen Z employees feel very confident in identifying phishing attempts, compared to 51% of Millennials, indicating a need for better employee training.
Here are some tips to identify and prevent phishing attacks:
1. Don't act immediately: Phishing emails often create a sense of urgency. Even if the email claims you must click a link or download a file, pause and evaluate its legitimacy.
2. Read the message carefully: Look for urgent language, differences from typical emails, grammatical mistakes, or unusual requests, such as resetting passwords or buying gift cards, which are signs of phishing.
3. Check the sender: Hackers may impersonate colleagues or executives. Verify the sender’s email address by hovering over the contact name and comparing it with known details. If unsure, contact the person directly.
4. Check the link: Hover over any links to reveal the actual URL. Be cautious, as hackers can create convincing fake websites.
5. Report phishing attempts: Reporting suspected phishing attempts helps protect your organization by alerting others to potential threats.
Implementing these strategies can protect both individuals and organizations from phishing attacks.
Set Up Multi-Factor Authentication (MFA)
MFA enhances security by requiring users to verify their identity with a code sent via text, email, or an authentication app. This not only confirms legitimate logins but also alerts the company to unauthorized access attempts. The importance of MFA is highlighted by incidents like the cyber attack on Change Healthcare, where the lack of MFA on a Citrix profile allowed hackers to infiltrate their network. While MFA might not completely prevent cyber attacks, it can significantly delay them and provide early warnings.
Use Strong Passwords
Weak passwords are a common security risk, with research showing that 37% of people have risky workplace security habits and 39% use weak login credentials. Strong passwords are crucial as the first line of defense against unauthorized access. If remembering secure passwords is challenging, using a password manager can help generate and store strong passwords. Some regions, like the UK, are moving towards making weak default passwords illegal, a measure that may extend to workplace security in the future.
