In the ever-changing cyberthreat landscape, it’s becoming increasingly difficult for businesses to fight cybercrime when the enemies are so diverse—from nation-states to rogue hackers to organized criminal networks.
But outside threats aren’t the only problem; studies reveal employees may pose the largest threat. According to a recent cyber security survey, 74 percent of respondents (e.g. business executives, info-security managers and IT leaders) name careless employees as the most likely source of a cyberattack.
Employees Fall for Phishing Scams
There’s good reason to worry about employee security risk. In its 2017 Data Breach Investigations Report (DBIR), Verizon shows that one in 14 users were tricked into following links or opening attachments in phishing emails, with a quarter of the victims falling for the scam more than once. The damage from these attacks is real, with the DBIR also revealing that 95 percent of phishing attacks that led to a breach were followed by a software installation.
Employees, in other words, are unwittingly handing cybercriminals the keys to the network. Case in point: the majority (81 percent) of hacking-related breaches took advantage of stolen or weak passwords.
Small businesses are an especially appealing target, which explains why 12 percent of small businesses have reported a cyberattack. Of the data breach victims surveyed in the 2017 Verizon DBIR, 61 percent were companies with fewer than 1,000 employees.
4 Ways to Keep Employees Safe Online
Whether big or small, businesses need to educate employees about the dangers of online scams such as phishing, and help them develop a sense of responsibility for cybersecurity. To be effective, training needs to be ongoing, relevant and interactive—and reinforced by clearly communicated, rigorously enforced cybersecurity policies. Key lessons include:
Be careful what you click. Cybercriminals are experts in social engineering, the art of manipulating people into performing a certain action. In most cases, that action is to click on a malicious link or respond to a malicious email, which can lead to financial or identity loss. Never click on a link or an attachment from an unsolicited email.
Check the locks. Before employees enter sensitive information into a website, they should look for the security padlock symbol. The padlock is one way to check a website: it indicates that the connection is encrypted (HTTPS), so the information submitted is protected in transit. It does not by itself confirm who operates the site, so employees should also verify that the domain name in the address bar is the one they expect.
BYOD. Adhere to the company’s rules and restrictions as they relate to bring-your-own-device policies.
Bundle up. Since attackers look to take advantage of businesses from any angle possible, be sure to implement a layered cybersecurity architecture that weaves together solutions such as a firewall, antivirus software, email spam filtering and web filtering.
Strengthening the Weakest Link
Safeguarding your employees with secure online practices is one way to protect your business, but it’s not enough. Today’s pervasive threats demand an end-to-end cybersecurity defense technology that fully protects all endpoints. For instance, Fortinet Security Fabric provides a wide spectrum of protection to block threats across device, network, application and cloud endpoints—with automation that reduces the burden on IT and users.