Why human error is still your top cybersecurity risk

By David Fleming, Chief Technology Officer, Mitigo

1 August 2022

Our cyber risk management partner Mitigo deals with countless cyber incidents every year. Most of them have one thing in common – human error. As part of cybersecurity awareness month, Mitigo investigates the four things you must consider to reduce the risk of cyber-attacks.

We deal with countless cyber incidents every year, and most of them have one thing in common: human error. A common example is staff falling for a phishing campaign and giving away login credentials that allow the criminals to gain access to your business. System administrators can also be the root cause: we see examples of bad configuration and disabled security controls, which leave the business wide open to attack.

Remote working can increase risk. Staff tend to behave differently in a more relaxed, home-based environment and may let their guard down. Cyber criminals know this, and attack using mass phishing emails, trick text messages and impersonation phone calls. They gather information and exploit vulnerabilities. Defending against this requires a far more sophisticated approach than technology alone.

You need a layered approach to control the “human factor”.

Policies

The starting point is to agree what is allowed and what is not allowed. Are your staff aware of your policies and processes? That is not to say that everything should be banned, far from it, but understanding the risks attached to your policies allows you to put appropriate mitigations in place. A common example is staff using company computers to log in to personal accounts such as Google. Another is allowing the use of personal mobile phones to access work emails. If uncontrolled, these two things can cause significant issues. Does this sound like your business? If so, we recommend you do something about it.

Preventative controls

Only when you understand what your policies are can you begin to consider how you configure the technology that you already have in place. Your software and systems will have controls that can dramatically reduce the risk if you get an expert to configure them properly. From web browser settings, through antivirus configuration, to laptop configuration, getting these working together coherently reduces your reliance on staff.

People competence

It is not enough just to tell people to be careful and to look out for “dodgy emails”. Training, testing, simulation and communication are the tools required to improve staff competence against these threats. Typically, we find 20%-25% of staff will fall for a simulated attack, but this can be addressed by implementing a proper cyber awareness programme. Effective training and improved communications will start to change culture.

Governance

This final layer is mainly about proportionate measures to make sure you stay in control and to help you sleep at night. How often do you check that staff are complying with your policies? Do you have any kind of independent assurance that the configuration and controls you have set up actually provide protection, continue to work, and are not becoming ineffective over time?

At its core this is all about risk management. You need to make yourself aware of the cyber threats facing your business and the likely consequences of successful cyber-attacks. The layers above should be used to mitigate and control the risks, reducing them to an acceptable level.

About Mitigo:

We have partnered with Mitigo to offer cybersecurity risk management services with exclusive discounts for our Evolve members.

Find out more about Mitigo’s cybersecurity services.

For more information contact them on 0131 564 3131 or email icas@mitigogroup.com
This blog is one of a series of articles from our commercial partners. The views expressed are those of the author and not necessarily those of ICAS.
