Because 90% of these attacks and data breaches are caused by end users.
Maybe businesses need to properly vet their employees BEFORE giving them access to a keyboard and mouse?
Here are three key tips from an IT guy (me):
1. Backup. For an individual computer user/home user - use a USB drive that’s not kept connected to the computer. For a business, ensure user data files stored locally (user/documents, etc.) are redirected to a network share. Back up the network share using the 3-2-1 method (three different backups, two different storage types (Azure cool storage is great for this!) and keep one copy offsite (again, Azure cool storage is perfect)).
2. Ensure all the latest updates are applied as soon as possible.
3. EDUCATE users about phishing and email attachments.
Phishing example that often works: You get an email from an unknown administrator telling you your email account is compromised and to click the link, log in, and then all will be well—or variants of this.
NEVER, never, never open it. Just delete and mark the sender as junk. An administrator will NEVER ask you to log into a web link and provide your credentials. NEVER.
If it is from a bank, credit union or credit card vendor, same thing. Call them to confirm. Also, the IRS or Social Security Agency will NEVER email you with such a format.
Nor will any call you on a telephone asking the same.