Employees Are The Biggest Cyber Security Risk

Businesses are constantly at risk, whether it’s from website data breaches, cyber-attacks or malicious emails and employees are often the biggest cyber security risk

Companies can invest significant resource into cyber security but often overlook the risks their staff represent. Attacks have increased during lockdown as hackers seek out weaknesses created by the immediate shift to working from home for millions of people.

Symantec found that 71% of all targeted attacks started with phishing scams. These are emails sent by criminals that look to have been sent by a legitimate company and ask for sensitive information. Often, these contain a link within the email which takes you to a very believable, fake website with a form for you to input your details. This information is then sent to straight to the crooks who created the website, ready for them to sell or use your data. They may ask for passwords, credit card details or usernames, anything they can use to sell or use illegally.

Although many companies are spending money on cyber security technology they can be less willing to invest in training their staff. According to the exoerts at IT security firm Altinet, 90% of cyber threats come via email, highlighting the imporatnce of training  front line staff to be allert and spot phishing attacks, ofetn acting as the last line of defence.

This is particularly important right now as businesses face more threats from the disruption caused by Covid-19.

Your employees may not be aware of the risks of using any device, work or personal, on an unsecured network. This could be the free Wi-Fi in the local café or on the train to a business meeting. These types of connections may not encrypt your data, meaning it could be intercepted and fall into the wrong hands. Where data is sent in an unencrypted format, such as plain text, you are allowing crooks access to potentially sensitive and valuable information.

Accessing emails and social media is a risk on an unsecured network as you could unintentionally leak passwords or other sensitive information. While accessing a banking app could open up your bank accounts to criminals hacking the network.
Cyber-crime isn’t expected to lessen over the next few years. By 2025, the number of interconnected devices in use is projected to exceed 75 billion, opening up virtually endless opportunities for criminals to attack. 

While your employees may pose a security risk, with the right training you can reduce the risk of falling victim to cyber-crime. The important thing is to assess your business, uncover any weak points and communicate the best processes to all staff.

Business Desk:        Open Access Government:       RiskandInsurance:     IT Governamce

You Might Also Read: 

Every Single Employee Requires Cyber Security Training:

Staff awareness training is the single most important thing you can do to reduce the risk of employee error. And as business need cyber security training and we at Cyber Security Intelligence recommend GoCyber training for all employees and management please contact Cyber Security Intelligence for a free trial.

 

 

« Cloud Security Is Different
Webinar: How To Protect All AWS Services & Surfaces »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

Frazer-Nash Consultancy

Frazer-Nash Consultancy

Frazer-Nash is a leading engineering, systems and technology company. Areas of expertise include information security and cyber security.

RSA Conference

RSA Conference

RSA Conference conducts information security events around the globe that connect you to industry leaders and highly relevant information.

Morgan Lewis Law

Morgan Lewis Law

Morgan Lewis is an international law firm with offices in North America, Europe, Asia, and the Middle East. Practice areas include Privacy and Cybersecurity.

Versasec

Versasec

Versasec is a leader in identity and access management, providing customers with security solutions for managing digital identities.

TestFort

TestFort

TestFort QA Lab is a specialized software testing company offering independent quality assurance and software testing services.

Bayshore Networks

Bayshore Networks

Bayshore Networks was founded to safely and securely protect Industrial IoT (IIoT) networks, applications, machines and workers from cyber threats.

Experian

Experian

Experian provide software solutions to help organizations prevent identity fraud and crime.

US Cyber Command (USCYBERCOM)

US Cyber Command (USCYBERCOM)

USCYBERCOM conducts activities to ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries.

Cyber Risk & Insurance Forum (CRIF)

Cyber Risk & Insurance Forum (CRIF)

CRIF helps organisations understand cyber risks and the damage that might occur by supporting the development of effective insurance solutions.

Advisen

Advisen

Advisen is the leading provider of data, media, and technology solutions for the commercial property and casualty insurance market including cyber risk.

Datec PNG

Datec PNG

Datec is the the largest end-to-end information and communications technology solutions and services provider in Papua New Guinea.

Destel

Destel

Destel is a system integrator and provider of IT services focused on Advanced Network & Security Solutions.

Blockchain Reactor

Blockchain Reactor

Blockchain Reactor is a blockchain consultancy and implementation company providing cutting-edge blockchain solutions for start-ups and enterprises.

Militus

Militus

Militus provides the only information security service available that learns and analyzes your network over time using a custom-built network-based toolset.

Tyler Technologies

Tyler Technologies

Tyler Technologies is a leading provider of end-to-end information management solutions and services for local governments.

Horizon3.ai

Horizon3.ai

Horizon3.ai is a leader in security assessment and validation enabling continuous security overwatch from an attacker’s perspective through our NodeZero SaaS solution.