With over 500,000 global cyber attacks taking place every day (Gartner) at an annual estimated cost of $400 billion (McAfee), cyber crime poses a major threat to organizations of all sizes.
And while businesses tend to focus on strengthening the security of the technologies they utilize, they do little to confront the growing threat their employees pose.
A report from Norrie Johnston Recruitment contains some startling statistics on a range of bad employee habits that leave companies vulnerable to cyber attacks:
- 23% of employees use the same password for different work applications.
- 17% write down their passwords, making their accounts vulnerable to password hacking.
- 16% work while connected to public Wi-Fi networks.
- 15% access social media sites on their work PCs.
Just look around your office now: Who has passwords on post-it notes stuck to their screen? Who is using Facebook? Who shares login details to access an account? Who is working on another person’s computer?
These sorts of bad working habits, combined with a lack of employee awareness of cyber security best practice in the workplace, have resulted in a number of easily avoidable data breaches and asset losses.
One tactic cyber criminals are using more often is targeting employees via social engineering.
Earlier this year, scammers impersonated Texas-based AFGlobal’s CEO and convinced the company’s accountant to wire $480,000 to a bank in China. AFGlobal claims the fake CEO then followed up via email with wiring instructions.
According to AFGlobal, the imposter “seemed to know the normal procedures of the company” and it appeared that he had a “long-standing, very personal and familiar relationship with Mr. Wurm (the accountant) — sufficient enough that Mr. Wurm would not question a request from the CEO.”
With cyber criminals becoming more creative and daring, employees are losing the fight.
Employees should be bold and question people they haven’t seen in the company before. They should alert their line manager to anything even slightly unusual. They should not be afraid to double-check requests they’ve received.
E-learning is becoming an increasingly effective option for organizations that want to educate their staff on the information risks they face and how they should respond.
Taken by employees at their desks, our short Information Security E-Learning Course covers security risk scenarios and how employees should respond, what to be aware of in email security, how your organization can improve its information security, and best practice for passwords, portable media, and working from home.
Positive, aware, and well-trained members of staff are a major asset and play a crucial role in mitigating cyber security risks.