How companies can protect themselves from hackers
Although employers may assume their employees are fairly cyber-savvy, research from MediaPro found only 12 percent actually possess enough knowledge to avoid preventable privacy or security incidents. Eighty-eight percent of employees do not.
In addition, the survey found 16 percent of employees, due to their behavior, are actively putting their organization at serious risk for a security breach incident.
To avoid the financial losses, reputation damage and other negative effects that can occur as a result of security incidents, companies obviously want to try to reduce risk wherever they can; which involves being aware of — and taking measures to prevent — potential security issues.
Some of the top cybersecurity risks relating to employees that organizations — including yours — may face in the future involve:
Employees logging in remotely
While a number want remote work opportunities — 21 percent of employees feel they’re most productive specifically when working in a public place, according to an Avast report — accessing sensitive information or their business account through unsecured Wi-Fi in a coffee shop or library can potentially expose their company to an attack.
Working remotely was found to be the second top security risk relating to employee behavior in MediaPro’s survey; yet only 18 percent of employees are concerned working from a public place can cause security issues, according to Avast.
Malware
It just takes one employee downloading malicious software for hackers to be able to spread a virus through existing files in your system or potentially gain access to passwords and other privileged information.
In recent years, a particularly nasty type of malware called ransomware has been used; often sent as an email attachment, when opened, the software can attach itself to the location where files are stored in the system and encrypt them. Hackers then may contact the organization to demand money to convert the files back to their original format.
While overall ransomware attacks declined last year for the first time since 2013, they were up 12 percent for enterprises, according to Symantec’s annual report on Internet security.
Phishing scams
Employees may receive alarmingly realistic-looking emails that appear to be from someone within the organization urging them to log into a system. While intelligence gathering is generally the main motive, some hackers use malware to disrupt or even try to destroy business operations — 25 percent more, in fact, did in 2018 than in 2017, according to Symantec.
A Proofpoint report found email-based corporate credential phishing attacks quadrupled from one quarter to another in 2018, with cybercriminals increasingly using web page redirects to avoid phishing sites from being detected.
Thirteen percent of employees have exhibited risky phishing-related behavior, according to MediaPro. IT professionals, too, may not be fully recognizing the threat phishing can present. Only five percent of the IT respondents in a SlashNext survey realized phishing is used at the start of more than 90 percent of successful security breaches. And those breach attempts don’t just involve email: Different types of phishing attacks also target employees through ads, search results, social media, chat applications and other venues.
Devices
With a growing amount of interconnected IoT devices, ranging from phones to printers, it’s not surprising 50 percent of organizations have IoT devices connected to their Wi-Fi network. IT professionals, however, feel those items are the most vulnerable to Wi-Fi-based attacks — more so than smartphones, laptops and other machines, according to data from Spiceworks. Only 36 percent of IT professionals are confident they’d be able to respond to an IoT incident.
IoT-based attacks, which can allow hackers to steal credentials and data, spiked in 2017, according to Symantec, and there were more than 5,000 a month in 2018; routers and connected cameras were the top sources of the attacks.
As part of a cybersecurity risk management plan, to prevent employees from hopping on free, unsecured Wi-Fi in a public location, businesses can utilize protective measures such as offering a virtual private network solution, which can provide an encrypted connection to a network. More than a quarter (26 percent) of respondents from more than 10 countries said in a 2018 Ponemon Institute and IBM Resilient survey that virtual private networks had been effective in helping their organization stay secure.
Anti-malware solutions, which use a variety of methods to try to prevent malicious software — such as spyware that tracks your keystrokes (and potentially passwords, as a result) — from infecting your computer, were rated even higher, with 53 percent of respondents singling them out as an effective cybersecurity move.
With so many phishing scams, malware attempts and other schemes relying on human error, education can be one of the strongest defenses against potential attacks.
Even though, because spoofed sites are getting increasingly realistic-looking, IT security professionals cited concerns about being able to point out what to look for, they identified security awareness training for employees as the top defense against phishing in SlashNext’s survey.
Urging employees to be particularly cautious about opening any email with an attachment, for example, or to carefully confirm the sender’s address is legitimate — since in some breach attempts, they can look very similar to the real thing — may help prevent security breach incidents.
For more about how companies can protect themselves against some of the top cybersecurity risks, read our blog posts on what you need to know about bring-your-own-device security; managing remote employees — and safely becoming a paperless office.