Many organizations focus on external threats when implementing a cybersecurity policy. However, according to Verizon’s 2022 Data Breach Investigations Report, 82% of data breaches involved the human element.
Cyber criminals target employees because they may not have knowledge of the risks they face. Not all employees are tech-savvy, and many are only aware of the more common types of tactics used by cyber criminals. Employees who hold key positions are more vulnerable to sophisticated attacks.
What Risks Do Employees Face?
There are many methods used by cyber criminals to lure employees into revealing sensitive information, giving the hacker access to networks and data within the organization. Below are some of the common risks that employees face:
- Access to the company's network through personal devices: Employees connected to the company’s network may not realize that their personal laptops, computers, tablets, or cell phones are compromised. Their devices may lack sufficient protection against potential risks, consequently leaving open doors for cyber criminals to gain access to the company's network.
- Outdated software: Cyber criminals target outdated software and vulnerabilities within a network.
- Phishing: A hacker poses as a credible source and attempts to persuade employees to disclose information and/or passwords through the use of fraudulent emails, texts, or phone calls. Hackers may even use email spoofing to disguise the sender’s email address so it appears to come from within the employee’s organization.
Check out our blog post, 4 Key Signs of a Phishing Attack, for more information.
5 Ways Your Employees Can Support Your Cybersecurity Culture
Avoid the use of company devices and networks for personal use. Websites and other platforms utilized by employees for personal use on the company network can put your organization at risk. Encourage employees to use personal devices, cellular data, or a guest network to access personal accounts.
Refrain from using the same passwords between work and personal accounts. If an employee’s personal accounts are hacked, there is a chance the hacker could gain access to their work accounts if they share the same password.
Open emails with caution. Employees should be well trained to spot phishing attacks, considering 91% of cyberattacks start with a phishing email, according to KnowBe4. Always check the sender’s email address and look for misspellings, and never open any links or attachments in a suspicious email.
Use MFA. Multi-Factor Authentication (MFA) can create an extra layer of security and should be implemented across company accounts when possible.
Apply software updates and patches when available. To address security vulnerabilities, devices and applications should be updated and patched as soon as updates and patches become available.