June 2021 Newsletter
Don’t Let Your Employees Become Your Biggest Vulnerability
A couple of years ago, TechRepublic ran a story with the following headline: “Employees Are Almost As Dangerous To Business As Hackers And Cybercriminals.” From the perspective of the business, you might think that’s simply inaccurate. Your company strives to hire the best people it can find – people who are good at their jobs and would never dream of putting their own employer at risk. And yet, many employees do, and it’s almost always unintentional.
Your employees aren’t thinking of ways to compromise your network or trying to put malware or ransomware on company computers, but it happens. One Kaspersky study found that 52% of businesses recognize that their employees are “their biggest weakness in IT security.” Where does this weakness come from? It stems from several different things and varies from business to business, but a big chunk of it comes down to employee behavior.
We all make mistakes. Unfortunately, some mistakes can have serious consequences. Here’s an example: an employee receives an e-mail from their boss. The boss wants the employee to buy several gift cards and then send the gift card codes to them as soon as possible. The message may say, “I trust you with this,” and work to build urgency within the employee.
The problem is that it’s fake. A scammer is using an e-mail address similar to what the manager, supervisor, or other company leaders might use. It’s a phishing scam, and it works. While it doesn’t necessarily compromise your IT security internally, it showcases gaps in employee knowledge. Another common example, also through e-mail, is for cybercriminals to send files or links that install malware on company computers.
The criminals once again disguise the e-mail as a legitimate message from someone within the company, a vendor, a bank, or another company the employee may be familiar with. It’s that familiarity that can trip up employees. All criminals have to do is add a sense of urgency, and the employee may click the link without giving more thought. (Continue reading in June 2021 Newsletter)