Human Risk Management
Learn how to boost your organisation's employee security posture against human error and evolving cyber threats
Why are employees an insider threat?
Humans make mistakes
We all make mistakes. In fact, 43% of employees say they've made a mistake at work that compromised cyber security, such as misdirecting an email. Problem is, these types of 'small' mistakes can result in sensitive data being exposed, which attackers are experts in exploiting.
Humans are targets
Much of your business's information can be found online, including your suppliers, contractors, and customers. This makes it easy for attackers to impersonate internal and external contacts, and all it takes is for one person to be successfully duped for your business to be at risk of a serious breach.
Humans break the rules
People in any business are capable of breaking the rules, be it maliciously or accidentally. But a large portion of rule-breaking ventures further than not abiding by password policies - some employees can go as far as to steal corporate data and sell this on the dark web.
88%
Stanford University attributes 88% of data breaches to human error, even more than Verizon.
36%
In 2021, phishing attacks were connected to 36% of breaches, an increase of 11%.
45%
of employees would be willing to sell corporate info to people outside their organisation.
43%
of employees say they've made a mistake at work that compromised security.
25%
of employees believe they have clicked on a phishing email at work.
70%
of malicious insider breaches are financially motivated, mainly by selling credentials on the dark web.
[email protected] | +44 (0) 1656 371735
Human Risk Management
Learn how to boost your organisation's employee security posture against human error and evolving cyber threats.
Why are Employees an insider threat?
Humans make mistakes
We all make mistakes. In fact, 43% of employees say they've made a mistake at work that compromised cyber security, such as misdirecting an email. Problem is, these types of 'small' mistakes can result in sensitive data being exposed, which attackers are experts in exploiting.
Humans are targets
Much of your business's information can be found online, including your suppliers, contractors, and customers. This makes it easy for attackers to impersonate internal and external contacts, and all it takes is for one person to be successfully duped for your business to be at risk of a serious breach.
Humans break the rules
People in any business are capable of breaking the rules, be it maliciously or accidentally. But a large portion of rule-breaking ventures further than not abiding by password policies - some employees can go as far as to steal corporate data and sell this on the dark web.
Inside the Dark Web
The Dark Web is 500x larger than the surface web.
Dark web activity has increased by 300% since 2017.
More than 22 billion records were added to the dark web in 2020.
60% of the information available on the dark web could potentially harm enterprises.
Company Policy Examples
Acceptable Use Policy
Confidential Data Policy
Email Policies
Incident Response Policy
Network Security Policy
Password Policies
Physical Security Policy
Cover the essentials to maximize success
The best practices
9 Tips for tackling
long-term human risk
Learn what the key ingredient
are for a successful Human Risk
Management Approach
Make training short & engaging — Use short video training courses to engage staff
Cover the essentials — Be sure to cover key security topics (see these further below)
Train staff regularly — Monthly training keeps knowledge fresh in the mind
Avoid technical jargon — Many employees won't understand industry terms
Replicate common phishing threats — Test staff against scams they're likely to fa
Deploy quarterly phishing simulations — This helps monitor risk without overkill
Cover core policies — Make sure your policy library includes the essentials (see below)
Keep policies up-to-date — Review and update policies each year
Measure the impact — Track training performance and simulations over time
Key Training Topics for your Staff.
Phishing Attacks
Passwords & Authentication
Working Securely from Home
Secure Internet & Email Use
Physical Security
Social Engineering
Mobile Device Security
Public WIFI
Common Phishing Scams to Test your Workforce
New Microsoft Teams Requests
Office 365 Password Expiration
Deactivation OneDrive Account
OneDrive Shared Contact Notification
Starbucks Bonus
New Voicemail Message Alert
Start Reducing Human Cyber Risk Today!
Shine a light on your business's current human risk areas and start building a security-savvy workforce with our fully managed HRM service.
We know that time, budget and simply just not knowing where to start are often the key blockers for launching a new internal process.
That's why we've launched a low-cost and fully-managed Human Risk Management service that is quick to launch,
non-disruptive and covers all of the key elements for driving secure user behavior, including:
Engaging and bite-sized security awareness training programs
Regular simulated phishing assessments
Continuous dark web monitoring
Essential policy implementation with track able staff signatures
Ongoing human risk scoring and regular summary reports
Readily-made courses, phishing templates and policy documents
88%
Stanford University attributes 88% of data breaches to human error, even more than Verizon.
36%
In 2021, phishing attacks were connected to 36% of breaches, an increase of 11%.
45%
Of employees would be willing to sell corporate info to people outside their organisation.
43%
Of employees say they've made a mistake at work that compromised security.
25%
Of employees believe they have clicked on a phishing email at work.
70%
of malicious insider breaches are financially motivated, mainly by selling credentials on the dark web.
Inside the Dark Web
The Dark Web is 500x larger than the surface web.
Dark web activity has increased by 300% since 2017.
More than 22 billion records were added to the dark web in 2020. increased by 300% since 2017.
60% of the information available on the dark web could potentially harm enterprises.
Company Policy Examples
Acceptable Use Policy
Confidential Data Policy
Email Policies
Incident Response Policy
Network Security Policy
Password Policies
Physical Security Policy
Cover the essentials to maximize success
The best Practices
Make training short & engaging — Use short video training courses to engage staff
Cover the essentials — Be sure to cover key security topics (see these further below)
Train staff regularly — Monthly training keeps knowledge fresh in the mind
Avoid technical jargon — Many employees won't understand industry terms
Replicate common phishing threats — Test staff against scams they're likely to fa
Deploy quarterly phishing simulations — This helps monitor risk without overkill
Cover core policies — Make sure your policy library includes the essentials (see below)
Keep policies up-to-date — Review and update policies each year
Measure the impact — Track training performance and simulations over time
Key Training for your Staff
Phishing Attacks
Passwords & Authentication
Working Securely from Home
Secure Internet & Email Use
Physical Security
Social Engineering
Mobile Device Security
Public WIFI
Common Phishing Scams to Test your Workforce
New Microsoft Teams Requests
Office 365 Password Expiration
Deactivation OneDrive Account
OneDrive Shared Contact Notification
Starbucks Bonus
New Voicemail Message Alert
Start Reducing Human Cyber Risk Today!
Shine a light on your business's current human risk areas and start building a security-savvy workforce with our fully managed HRM service.
We know that time, budget and simply just not knowing where to start are often the key blockers for launching a new internal process.
That's why we've launched a low-cost and fully-managed Human Risk Management service that is quick to launch,
non-disruptive and covers all of the key elements for driving secure user behavior, including:
Engaging and bite-sized security awareness training programs
Regular simulated phishing assessments
Continuous dark web monitoring
Essential policy implementation with track able staff signatures
Ongoing human risk scoring and regular summary reports
Readily-made courses, phishing templates and policy documents
Email: [email protected]
Phone: +44 (0) 1656 371735
Address: Office 09, C5 North Road, Bridgend, CF31 3TP
|
|
Copyright 2025 Dose of Tech Services Limited. All Rights Reserved
Email: [email protected]
Phone: +44 (0) 1656 371735
Address: Office 09, C5 North Road, Bridgend, CF31 3TP
|
|
|
Copyright 2025 Dose of Tech Services Limited.
All Rights Reserved