More than 90% of cyberattacks are due to human error, mainly unintentional mistakes. That is why it is so important that employees’ awareness and knowledge of cyber security are up to standard. Working on cyber security awareness builds this awareness and improves the information security of the organization. This reduces the risk of cyber attacks.
In this blog you can read about the most important effects of security user awareness.
Why is cyber security user awareness important?
Increasing the cyber security awareness of employees has quite a few advantages. Greater awareness and knowledge of information security leads to fewer errors, which reduces the risk of cyber attacks. Moreover, it saves time and money and prevents reputational damage because employees make fewer unintentional mistakes.
Increasing cyber security user awareness reduces errors
More than 90% of cyberattacks are due to human error. If employees are more knowledgeable about common scams such as email attachments, phishing emails, or ransomware, they’re less likely to click on unsafe links or files.
A digital footprint — sometimes called a digital shadow or an electronic footprint — refers to the trail of data you leave behind when using the internet. It includes websites you visit, emails you send, and information you submit online. A digital footprint can be used to track a person’s online activities and devices. Internet users create their digital footprint actively or passively.
What is a digital footprint?
When you use the internet, you leave a trail of information known as your digital footprint. A digital footprint grows in many ways – for example, posting on social media, subscribing to a newsletter, leaving an online review or shopping online.
It is not always clear that you are contributing to your digital footprint. For example, websites may track your activity by installing cookies on your device, and apps may collect your data without your knowledge. Once you give an organization access to your information, they can sell your data or share it with third parties. Worse, your personal data could be compromised as part of a data breach.
You often hear the terms ‘active’ and ‘passive’ in relation to digital footprints:
Active digital footprint
An active digital footprint is where the user has intentionally shared information about themselves – for example, by posting or participating in social networking sites or online forums. If a user is logged into a website via a registered username or profile, all messages they create are part of their active digital footprint. Other activities that contribute to an active digital footprint include filling out an online form – such as subscribing to a newsletter – or accepting cookies in your browser.
Passive digital footprint
A passive digital footprint is created when information about the user is collected without them being aware that this is happening. This happens, for example, when websites collect information about how often users visit, where they come from, and their IP address. This is a hidden process, which users may not realize is taking place. Other examples of a passive footprint include social networking sites and advertisers who use your likes, shares, and comments to profile you and target you with specific content.
Why are digital footprints important?
Digital footprints are important because:
- They’re relatively permanent, and once the data is public — or even semi-public, as may be the case with Facebook posts — the owner has little control over how others will use it.
- A digital footprint can determine a person’s digital reputation, which is now considered as important as their offline reputation.
- Employers can check the digital footprint of their potential employees, particularly their social media, before making hiring decisions. Colleges and universities can check the digital footprint of their future students before accepting them.
- Words and photos you post online may be misinterpreted or altered, causing unintentional insult.
- Content intended for a private group can spread to a wider circle, potentially damaging relationships and friendships.
- Cybercriminals can misuse your digital footprint and use it for purposes such as phishing for account access or creating false identities based on your data.
For these reasons, it’s worth considering what your digital footprint says about you. Many people try to manage their digital footprint by being careful with their online activities, so as to control the data that can be collected in the first place.
Examples of digital footprint
An internet user’s digital footprint can be made up of hundreds of items. Some of the ways users increase their digital footprint include:
- Making purchases through e-commerce websites
- Signing up for coupons or creating an account
- Downloading and using shopping apps
- Signing up for brand newsletters
- Using a mobile banking app
- Buying or selling shares
- Subscribing to financial publications and blogs
- Opening a credit card account
- Using social media on your computer or devices
- Logging in to other websites using your social media credentials
- Connecting with friends and contacts
- Sharing information, data, and photos with your connections
- Joining a dating site or app
Reading the news
- Subscribing to an online news source
- Viewing articles in a news app
- Signing up for a publication’s newsletter
- Reposting articles and information you read
Health and fitness
- Using fitness trackers
- Using apps to receive healthcare
- Registering your email address at a gym
- Subscribing to health and fitness blogs
Almost all online activities can contribute to your digital footprint.
Protect your digital footprint
Because employers, colleges, and others can look up your online identity, it’s a good idea to consider your digital footprint. Here are some tips for protecting your personal information and managing your online reputation.
Use search engines to check your digital footprint
Enter your name in search engines. Include your first and last name and any variations on spelling. If you’ve changed your name, search for both current and former names. The search results will give you an idea of what information about you is publicly available. If any of the results put you in a negative light, you can contact the site administrator to see if they can remove it. Setting up Google Alerts is a way to keep an eye on your name.
Reduce the number of sources of information you are mentioned in
For example, real estate websites and whitepages.com may have more information about you than you might wish. These sites can often contain personal information, such as your phone number, address, and age. If you do not feel comfortable with this, you can contact the websites and request that the information be removed.
Limit the amount of data you share
Every time you provide your personal data to an organization, you increase your digital footprint. You also increase the chances that one of the organizations that store your data will misuse it or suffer a breach, causing your data to end up in the wrong hands. So, before you submit that form, you should consider whether it’s worth it. Are there other ways to obtain that information or service without sharing your data?
Double-check your privacy settings
Social media privacy settings allow you to control who sees your posts. Check these settings and make sure they are set to a level that you feel comfortable with. For example, Facebook allows you to limit posts to friends and create custom lists of people who can see certain posts. However, please note that privacy settings only protect you on the relevant social media site.
Avoid oversharing on social media
Social media makes it easy to connect with others, but can also make oversharing easy. Think twice before revealing your location or travel plans or other personal information. Avoid disclosing your phone number or email address in your social media bio. It’s also a good idea to avoid “liking” your own bank, healthcare provider, pharmacy, etc., as this can lead cybercriminals to your critical accounts.
Avoid unsafe websites
Make sure you are transacting with a secure website: the URL should start with https:// instead of http://. The “s” stands for “secure” and indicates that the site has a security certificate. There should also be a padlock icon to the left of the address bar. Never share confidential information on unsecured sites, especially payment information.
Avoid disclosing private data on public Wi-Fi
A public Wi-Fi network is inherently less secure than your personal network because you don’t know who set it up or who else might be watching. Avoid sending personal information when using public Wi-Fi networks.
Delete old accounts
One way to reduce your digital footprint is to delete old accounts, for example, social media profiles you no longer use or newsletter subscriptions you no longer read. Deleting dormant accounts minimizes your exposure to potential data breaches.
Create strong passwords and use a password manager
A strong password helps you maintain internet security. A strong password is long (at least 12 characters and ideally more) and includes a mix of uppercase and lowercase letters plus symbols and numbers. The more complex and involved your password, the harder it is to crack. A password manager helps you generate, store, and manage all your passwords in one secure online account. Keep your passwords private: avoid sharing them with others or writing them down. Try to avoid using the same password for all your accounts and remember to change them regularly.
Keep an eye on your medical records
Practice good data hygiene by periodically reviewing your medical records. Identity thieves target medical and health information as well as financial data. When criminals use your personal information to obtain medical treatment in your name, their medical records may become intertwined with yours.
Don’t log in with Facebook
Logging in to websites and apps with Facebook is useful. However, every time you log into a third-party website with your Facebook credentials, you’re giving that company permission to mine your Facebook user data, potentially putting your personal data at risk.
Keep software up to date
Outdated software can house a wealth of digital footprints. Without the latest updates, cybercriminals can gain access to this information. Cybercriminals can easily gain access to a victim’s devices and data by exploiting software vulnerabilities. You can help prevent this by keeping your software up to date. Older software may be more vulnerable to hacker attacks.
Check your mobile usage
Set a passcode for your mobile device so that other people can’t access it if you lose it. When installing an app, read the user agreement. Many apps reveal what kind of information they collect and what it can be used for. These apps may collect personal information, such as your email, location, and online activities. Make sure you’re comfortable with the information being shared before using the app.
Think before you post
What you post or say online sends a message about who you are, as does what others reveal about you. Aspects of your digital footprint, such as uploaded photos, blog comments, YouTube videos, and Facebook posts, may not reflect how you’d like to be seen. Create a positive digital footprint by posting only those things that contribute to the image of you that you want others to see.
Act quickly after a breach
If you suspect that your data may have been compromised by a breach, take immediate action. If there is a financial loss, contact your bank or credit card company to report the breach. Change passwords that may have been exposed. If it’s a password you’ve used for other accounts, update it across the board.
Using a VPN
Using a virtual private network or VPN can help protect your digital footprint. This is because VPNs mask your IP address, making your online actions virtually untraceable. This protects your privacy online and can prevent websites from installing cookies that track your internet browsing history. A VPN connection gives you a secure connection between your device and an internet server, so that no one can monitor or access the data you exchange.
It improves the security of your business
A high level of awareness and knowledge of employees in the field of information security ensures more security in your company. Employees who use strong passwords, don’t open suspicious emails, and warn managers about suspicious communications make the company less vulnerable.
It saves time and money and prevents reputational damage
On average, it takes more than three months to identify a successful cyberattack and repair the damage. The average damage of a cyber attack is € 184,000. This does not include the reputational damage that the company may incur. Increasing cyber security awareness saves time and money and prevents reputational damage.
Worldwide, 720 million hacking attempts take place every day. It is therefore not surprising that no less than 53 percent of organizations (with fewer than 500 employees) have experienced a hack or digital intrusion in the past year. Yet as an entrepreneur you often think that a break-in into your own system will not happen that easily. The most frequently heard argument? ‘Our company is so small, there’s not even anything to be gained there.’ I see that there is something to be gained for hackers.
In today’s digital landscape, simply every organization, large or small, is at risk of an attack. In fact, hackers are increasingly targeting SMEs. They see these entrepreneurs as easy prey, with a less sophisticated security structure. A hacker can therefore remain inside a system unnoticed for a long time, and it takes an alarmingly long time before an employee or the company even realizes it. On average, it takes no less than 101 (!) days to detect a harmful activity… When hacking into SMBs, cybercriminals are increasingly using automated attacks that allow them to break into thousands of small businesses. Company size thus becomes a lot less important than network security.
Prevention is better than cure
Many SMEs are only now starting to realize how attractive their organization is to a cybercriminal. And unfortunately, that realization only comes after an attack. Recovering from a cyberattack is difficult, costly, and often impossible, depending on the nature and extent of the attack. It is not for nothing that SMEs are worried. Research shows that more than 30 percent of executives lie awake at night due to concerns about the security of their data and IT systems. A recent survey once again shows what the financial risks look like: 65 percent of those surveyed indicate that, after a cyberattack, they would go bankrupt within three months, with the majority expecting to go bankrupt within one month.
But how do you prevent an attack?
Cyber attacks are costly, not only when they happen; staying ahead of them also requires investment, both financially and in resources. A first step to reducing the threat of cyberattacks is to stop your organisation’s number of vendors from continuing to increase, and with it the number of alerts and systems that need to be responded to. By integrating everything as much as possible, you can already significantly improve security. There are a number of fairly simple actions that are worth considering when you want to better protect yourself against a cyber attack.
Configure your devices and applications and check them on a regular basis
Often a hacker uses an incorrect setting in an online application to get in. This misconfiguration can be caused by neglect (a forgotten update, for example) or human error, and almost always leads to an exposed entry point for a cyberattack. It is therefore important to check the privacy and security settings on all your devices on a regular basis and always keep them up to date. And we are not only talking about phones and laptops, but also about TVs, printers and smart speakers! These devices are best secured with advanced security features such as two-factor authentication. Regular monitoring and updating already make the threat of a cyber attack via that route a lot smaller. Small configuration errors can lead to the biggest cyberattacks, so you shouldn’t forget about upgrading systems.
Effective password management is crucial
It is important to emphasize that, for SMEs, a cyber attack rarely targets one specific company. Usually, automated software attacks a larger group of companies, and the attack succeeds against the weakest ones. This automated software looks for security holes and easy ways to get in. One of the easiest ways in is passwords. You should never use the same password for more than one online service, and it is even more dangerous to use a business email address or password for your personal accounts. It often happens that when e-mail addresses and passwords leak in a data breach at, for example, a webshop, cybercriminals take this data and try it out on as many other (business) services as possible. Thanks to the automated software, login details are tried at lightning speed on hundreds of website forms, often successfully.
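The automated reuse of leaked logins described above leaves a recognisable trace on the defending side: one source trying many different accounts, mostly failing, in a short time. The sketch below is an added example, not part of the original blog; the log format, the sample lines and the thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample login log: timestamp, source IP, account, result.
SAMPLE_LOG = """\
2024-05-01T09:00:01 203.0.113.7 anna@example.com FAIL
2024-05-01T09:00:02 203.0.113.7 bram@example.com FAIL
2024-05-01T09:00:03 203.0.113.7 carla@example.com FAIL
2024-05-01T09:00:04 203.0.113.7 dave@example.com OK
2024-05-01T09:00:05 203.0.113.7 emma@example.com FAIL
2024-05-01T09:00:06 203.0.113.7 finn@example.com FAIL
2024-05-01T09:10:00 198.51.100.20 anna@example.com FAIL
2024-05-01T09:10:20 198.51.100.20 anna@example.com FAIL
2024-05-01T09:10:45 198.51.100.20 anna@example.com OK
2024-05-01T08:55:00 192.0.2.44 gert@example.com OK
2024-05-01T08:56:00 192.0.2.44 hana@example.com OK
2024-05-01T08:57:00 192.0.2.44 ivo@example.com OK
2024-05-01T08:58:00 192.0.2.44 jana@example.com OK
2024-05-01T08:59:00 192.0.2.44 koen@example.com OK
"""

def parse(log_text):
    """Turn log lines into time-sorted (time, ip, account, success) tuples."""
    events = []
    for line in log_text.strip().splitlines():
        ts, ip, account, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, account.lower(), result == "OK"))
    return sorted(events)

def detect_stuffing(events, window=timedelta(minutes=5), min_accounts=5, min_fail_ratio=0.8):
    """Flag source IPs that try many different accounts, mostly failing, within one window."""
    by_ip = defaultdict(list)
    for event in events:
        by_ip[event[1]].append(event)
    alerts = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:  # slide the window forward
                start += 1
            chunk = evs[start:end + 1]
            accounts = {e[2] for e in chunk}
            fail_ratio = sum(not e[3] for e in chunk) / len(chunk)
            if len(accounts) >= min_accounts and fail_ratio >= min_fail_ratio:
                alerts[ip] = {
                    "accounts_tried": len({e[2] for e in evs}),
                    # Any success from a flagged source means a reused password worked.
                    "successful_logins": sorted({e[2] for e in evs if e[3]}),
                }
                break
    return alerts

if __name__ == "__main__":
    for ip, info in detect_stuffing(parse(SAMPLE_LOG)).items():
        print(ip, info)
```

The single user who mistypes a password and the shared office address with many successful logins are both left alone; only the source that cycles through accounts is flagged, and the account it got into is the one that needs an immediate password reset.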
A good backup system will save you thousands of dollars
Backing up data is usually associated with keeping data safe in case something happens to a device or server. But a good backup is also essential in the defense against a cyber attack. Not only do you need to make regular backups; the IT department also needs to test these backups for functioning and security. Because make no mistake: a backup can also be hacked. This was the case, for example, at Maastricht University: there too, the hackers had been inside the backup for days before the hack was recognized. If you do get hacked, which often means part of a device or network is blocked, the backup can often be restored relatively easily so that you do not have to pay a ransom demand (which is becoming more and more common). And because restoring a backup lets you act faster, the damage can be limited to the actual downtime. Because that is what a cyber criminal ultimately wants: to completely paralyze the business systems.
Did you know?
More than half (55%) of all SME organisations have been victims of cybercrime in the past year. Large multinationals are most at risk. 74% of companies with more than 1,000 employees experienced digital attacks in 2019.
More trust from customers and stakeholders
Personal data, financial figures and confidential information: you don’t want these to become public. In addition to the reputational damage, a leak is also detrimental to the trust of customers and stakeholders. They want the certainty that their data is in good hands and that it is handled with care. To guarantee trust, it is important that you can show both customers and stakeholders what is being done in the field of information security.
Comply with laws and regulations such as GDPR
Every company must comply with certain laws and regulations in the field of privacy. Since 2015, the Personal Data Protection Act has been extended to include the obligation to report data leaks and greater powers for the Dutch Data Protection Authority to impose fines. Good cyber security awareness means that employees are aware of the latest laws and regulations, and it prevents them from handling personal data carelessly.
Increase cyber security user awareness within your company
By training employees in the field of information security, you increase cyber security awareness within the company. Cyber security awareness training increases the chance that someone is able to prevent a cyber attack. A training method in the form of gamification, supported by AI, motivates participants to continue learning in a simple way. It increases employee productivity by 23% and reduces compliance incidents by 39%.
Increase your company’s security against cyberattacks such as ransomware, phishing, and other attacks and prevent problems. Do you want to know more about increasing security awareness within your company?