How Your Employees Put You At Risk for Cyber Attacks

How Your Employees Put You At Risk for Cyber Attacks

The cost of cyber attacks is huge. By 2021, this type of attack will have cost the world about $6 trillion, and businesses make up the bulk of the victims. In fact, 58% of the victims are small businesses. So no matter how many people you employ, know that your business will always be an attractive target to cybercriminals. After all, the average employee doesn’t take adequate steps to protect the company from cyber attacks. In particular, here’s how employees put companies at risk of cyber attacks on a regular basis, and what employers can do about it.

Opening Phishing Emails

One of the main ways your organization is put at risk for cyber attacks is through phishing emails, which are fake emails that can load malware onto a computer or trick recipients into giving out private information when they click links or open attachments. In most cases, phishing emails appear to originate from a legitimate source, such as a bank or other trusted business, which is why recipients often open the email and click on links.

Phishing attacks are so common that 91% of cyber attacks start with phishing emails, and studies show 50% of email recipients click on phishing links. So, if you can train your employees to not open and click on links in emails from unknown senders you will greatly reduce the odds of falling victim to cyber attacks. Note that phishing also comes in other forms, such as phone calls/voicemails (vishing) and text messages (SMiShing), so employees should be trained to be cautious about giving out personal information through the phone, as well.

Use of Unsecured Networks

Another way your employees put your business at risk of a cyber attack is through the use of unsecured networks. With more companies allowing employees to work from home or from the local coffee shop, this is more of a risk than ever.  When your employees use their smartphone or laptop to work on an unsecured network in a public place, the data isn’t encrypted, making it possible for cybercriminals to intercept sensitive details as they’re sent in plain text.

More specifically, this is how cybercriminals can intercept user names, passwords, credit card numbers, and other information you don’t want in someone else’s hands. Additionally, some cybercriminals can distribute malware to devices on unsecured networks, resulting in your employees becoming infected with a virus on their phone or laptop, which is a problem for you if they use these devices for work. Be sure employees know to use a Virtual Private Network (VPN) when they work outside the office, in order to securely encrypt their data.

Installing Unknown Apps and Programs

Your organization should be cautious about letting employees download unapproved programs and apps onto the computers at work. In doing so there’s a chance they’ll download malware to their computer, especially if downloaded from an unapproved or untrusted site.

Malware can cause damage to the operating system of any device, including stealthily recording private information and using it to steal money or even identities. Certain programs can even spread across the entire corporate network, potentially crippling an organization’s IT environment and resulting in thousands or even millions of dollars in lost sales and productivity.  Organizational policies and training are key to limiting these exposures.

Failing to Update Software

Finally, many employees and organizations neglect to regularly update firmware, operating systems, and applications, resulting in an open door to cybercriminals who are ready to take advantage. After all, most system updates add new security features that can protect devices from the latest types of cyber attacks. Without these updates on a computer, you are making the job of the cybercriminal easier than ever.

Best practice is to facilitate automatic and scheduled updates on work devices whenever possible.  Processes around automated patch management and deployment of updates is a must for corporate and SMB networks in order to secure your environment.

Mentis Group engineers are experts at securing business environments from cyber attacks.  Contact Mentis Group today to learn more about our WORLD CLASS Security Awareness training and testing.