Generally regarded as the weak link in a cybersecurity chain, humans play a vital role in the success of any cyberattack targeted at any organization. Unfortunately, despite being part of the problem in addressing cyberattacks, the human factor is mostly ignored when implementing cybersecurity policies. In this section, we will look at why humans are regarded as the weak link in the cybersecurity chain, how veterinary practice can address the problem, and solutions to the problem.
What is the human factor in cybersecurity?
In a cybersecurity chain, human factors are actions or events that can result in a data breach. In most cases, the human factor is largely due to negligence, lack of awareness, or inappropriate access control.
In a veterinary practice, the human factor can be a result of errors made by staff, third-party IT service providers, and sometimes even practice owners. In some cases, giving access to unauthorized personnel can also put your computer system at risk because they are more prone to making mistakes if they are not used to the system.
How Cybersecurity uses Phishing
A 2021 Verizon data breach report showed that nearly 82 percent of data breaches involved human elements such as social attacks, errors, and misuse. Another report by CISCO shows that 90 percent of data breaches occur due to phishing.
Phishing is the fraudulent practice of cybercriminals sending emails or texts pretending to be from a reputable source. The goal is to get their victims to click the link, which takes them to malicious websites where malicious software is installed on their computers or victims are asked to enter login information, which is then used by cybercriminals to access unauthorized accounts.
As a veterinary practice, phishing remains one of the biggest risks, and in most cases, victims of these attacks are not able to recognize these attacks. Part of the reason why these types of attacks are very successful is the default assumption that people tasked with verifying the emails are well equipped. Below are some of these assumptions and how they contribute to humans making an error and resulting in a cyberattack.
1. The Age of Victims Matters
There is a default assumption that people who have worked in a given position for a long time are capable of detecting phishing emails or making errors that result in a cybersecurity attack. Unfortunately, this is not the case, and in most cases, cybercriminals target such individuals due to the access they have to a computer system. For instance, there is a high likelihood of a practice owner being targeted for cyberattack compared to a junior staff member due to the access they have. It is also highly likely for the practice owner to fall victim to cybercriminals due to familiarity with emails the cybercriminals are fraudulently pretending to be from.
2. Humans are Diligent
One of the biggest assumptions that most organizations make is that humans, when left alone, can work diligently. Unfortunately, employees are quick to respond to emails. They are also prone to not reading and understanding the emails before clicking on links. The result is sloppiness that can result in phishing cyberattacks, which can put your entire veterinary practice at risk.
3. Humans are Efficient
There is an assumption that implementing cybersecurity policies will work because humans are innovative, and are able to incorporate guidelines into their day-to-day activities. However, in most cases, when their productivity is hindered by rules, they circumnavigate the first line of defense to work ‘efficiently’. Unfortunately, such an action puts the entire veterinary practice at risk, because, the setout policy is not followed.
In most cases, humans make decisions to achieve their goals. Although this can be a good thing, when looked at with cybersecurity in mind, some of these decisions can put the organization at risk. Therefore, putting in place a policy that understands how your employees use the internet, email, and practice management systems can help greatly in preventing cyberattacks.
A good example is a firewall that prevents access to certain sites. In most cases, staff, regardless of where they work, try to find a way to circumnavigate the firewall, and in most cases, they are successful. Unfortunately, such an action can put your computer system at risk.
4. Industry Doesn’t Guarantee Awareness
The assumption is that people who work in cybersecurity and other technology-related tasks within your veterinary practice are not susceptible to cyberattacks. Unfortunately, this is not the case, and in some cases, people who work in technology are also susceptible to making errors that result in cyberattacks.
To avoid this, it is important to implement uniform cybersecurity policies for the entire veterinary practice. This can help you avoid some of your staff being able to circumnavigate your system and resulting in a cyber attack.
How to Reduce Human-Centered Cyberattacks
Below are some of the steps you can take to prevent your veterinary practice from becoming a victim.
- Access Control: Having proper access control can ensure that, once one of your staff is compromised, the cybercriminals are not able to move laterally through your computer system. This can help prevent a cybersecurity attack from spreading to areas with sensitive data. It is also important to have access control to make sure that only a small group of people have access to sensitive data.
- Cybersecurity Awareness Training: In cases where staff is not trained about the risks of opening phishing emails, there is a high likelihood they will fall victims if targeted. With training, the staff is able to learn about how to detect and isolate some of the phishing emails, reducing the chances of a cyberattack.
- Good Cyber Hygiene: Always using updated software with the latest security patches can help keep cyber attackers away. Encourage your staff to always update their systems.
- Data Backup: Having a data backup helps you to restore your services if your veterinary practice is attacked. As a veterinary practice, you should enforce a policy that requires the staff to have a data backup of their work. This ensures that, if a mistake is made, practices are able to get their services back and running again.