81% of the respondents reported that negligent employees or other insiders have been responsible for at least one unintentional data breach within their organizations over the past two years. - The Human Factor in Data Protection Study¹
While companies will always be fearful of the malicious ‘bad apple’ employee, numerous studies have shown that most internal security breaches are accidental or unintentional, mostly a result of clever phishing tactics. Phishing is a scam in which a malicious message or program poses as legitimate: for example, an email that appears to come from someone in your contacts but whose actual address is unfamiliar. A well-meaning employee could inadvertently succumb to such a scam by not realizing that something isn’t right. By properly identifying these causes, companies can not only inform employees of the risks but also reduce their exposure to these cyber-attacks. If employers take the time to educate employees on how to identify these threats, small businesses with limited resources can drastically reduce their own exposure at little to no additional cost.
“We have met the enemy and he is us.” – Walt Kelly
First, an understanding of the problem. According to over 700 IT security practitioners surveyed in a 2012 independent study conducted by the Ponemon Institute and sponsored by Trend Micro, titled The Human Factor in Data Protection, 81% of the respondents reported that negligent employees or other insiders have been responsible for at least one unintentional data breach within their organizations over the past two years... thus the enemy is us. One notable case happened back in 2013, when hackers sent a malware-laced phishing email to employees of Fazio Mechanical Services, Inc., an HVAC subcontractor working at a number of Target stores. Using the stolen credentials, the hackers were then able to install malware in Target’s security and payments system. The malware was designed to steal every credit card used by customers, resulting in over 70,000,000 compromised credit cards. While major breaches at Fortune 500 companies can hog the limelight, small businesses are just as susceptible to cyber-attacks as the big companies, as any one person can fall victim to phishing scams or other social engineering methods.
There are many different types of phishing techniques. Some of the more prominent ones are:
Are your employees familiar with scams and how to avoid them? Social engineering is one of the easiest ways for an intruder to gain access to your information. For this reason, training employees on how to identify and avoid phishing attempts is arguably the cheapest, most effective approach to curbing this threat. Here are some useful tips that an organization can provide its employees to make them more aware of phishing and other hacking techniques:
While educating end-users is effective, there are still measures that organizations can take themselves to help protect their information:
Businesses looking for assurance that their organization is not vulnerable to phishing, malware, or other cyber threats may find only consternation, which is why Datamax offers a no-strings-attached network risk assessment that will provide interested parties with actionable insight for developing a well-managed network.
¹ Various content based on the 2012 independent study by the Ponemon Institute, sponsored by Trend Micro, and titled The Human Factor in Data Protection.