Cybersecurity: The Human Factor

Recent reports by the cybersecurity company Proofpoint describe how cybercriminals are capitalizing on coronavirus fears and using online scams to steal personal and financial information.

Cybercriminals may try to take advantage of your emotions — such as curiosity, fear, worry, and compassion for others — to trick you into clicking on a link, downloading an app, or opening an email attachment. Before you know it, you’ve been led to a phishing website or downloaded malware onto your device.

You may think cyberattacks involve sophisticated tools and tactics to hack into computers and steal data. Not true! Criminals have learned that it’s much easier to take advantage of human nature, and trick people into making a mistake and revealing sensitive information. These types of attacks are called social engineering and they turn out to be extremely effective ways for criminals to steal sensitive data.

Cybercriminals don’t necessarily need to come up with sophisticated ways to bypass computer security; instead they can take advantage of the predictable errors which humans make over and over again.

A recent report by Tessian, details findings from a survey of 2,000 professionals in the United States and United Kingdom. Respondents were asked about mistakes they have made at work. The results revealed how stress, fatigue, and distraction can have an impact on people’s ability to make good cybersecurity decisions.

Indeed, nearly half of respondents (47%) cited distraction as the top reason for falling for a phishing scam. With 57% of workers reporting that they are more distracted when working from home.

The COVID-19 pandemic has created a situation where more people are working remotely than ever. And this move to remote working, and constant teleconferencing adds to our fatigue and stress which in turn can lead us to make more mistakes, which is why we must be extra vigilant about implementing good cybersecurity hygiene practices. Now more than ever, it’s crucial to be aware of possible social engineering attempts. Some things you can do:

• Be on the lookout for fake emails claiming to be from the Centers for Disease Control and Prevention (CDC) or experts claiming to have information about the coronavirus or news of available vaccinations.
• For the most up-to-date information about the coronavirus and COVID-19, visit websites of trusted sources such as the Centers for Disease Control and Prevention (CDC) and the World Health Organization (WHO) yourself. Be suspicious if someone asks for information they should already have, or are not authorized to access.
• Look out for someone using overly technical and confusing terminology to get you to do something.
• Don’t click on links from sources you don’t know. They could download viruses onto your computer or device.
• Do not reveal personal or financial information in email, and do not respond to emails asking you for this kind of information.
• Beware of messages about “investment opportunities.” The U.S. Securities and Exchange Commission (SEC) has issued warnings about online promotions, including on social media, claiming that the products or services of publicly traded companies can prevent, detect, or cure coronavirus, and that the stock of these companies will dramatically increase in value as a result.
• Do your research before donating to charities or crowdfunding sites. Don’t let anyone rush you into making a donation. If someone wants donations in cash, by gift card, or by money transfer, don’t do it.
• Look out for people trying to create a sense of urgency. By doing so, they are banking on you acting first and asking questions later.

You and your common sense are your best defense against becoming the victim of cybercrime. You can help keep your data and devices safe by being vigilant and always using good cybersecurity practices.

And remember, if something seems too good to be true, it probably is.

Julia Phelan Ph.D is a learning engineer and co-founder of To Eleven. The name was inspired by This is Spinal Tap (“Why don’t you just make ten louder and make ten be the top number and make that a little louder? Nigel Tufnel : [pause] These go to eleven”). The name embodies the fact that To Eleven goes above and beyond in all they do. To Eleven focuses on the design and implementation of learning experiences for myriad learners and contexts along with consulting and advising services. Julia created a cybersecurity course series for the property management industry focusing on the ‘human element’ of keeping data and devices secure. www.to11solutions.com