Many executives are in the midst of solidifying a remote workforce for their business. In turn, the emphasis on cybersecurity is growing rapidly. Some companies may assume that external threats are the most important problem they need to protect against when it comes to cybersecurity. However, McAfee found that 43 percent of data breaches were caused by internal users. Of those, 21 percent came from unintentional actions by employees.
Why Employees Become Targets of Cyber Criminals
Employees may not be aware of the common types of attacks cyber criminals are using. They could look out for the obvious ones, like malicious software attachments, but completely miss the more subtle methods that cyber criminals use to break into a network. The tech-savviness of employees varies between departments and individuals, since this skill set may not be expected of people outside the IT team. Advanced persistent threats, which are sophisticated cyber attacks, will target employees who are in key positions or who represent particularly vulnerable areas of the organization.
Cyber Criminal Methods
The methods used by cyber criminals vary based on their intended goals, their hacking experience, their funding levels, and whether they're specifically targeting your company or are simply opportunistic.
Employees and Phishing
Phishing: Phishing uses email and other direct communication channels to try to trick an employee into clicking on a malware attachment contained in the message or going to a fraudulent link. The link takes the employee to a page that might look like a legitimate workplace resource, but it is actually set up to steal account information or other sensitive data.
Email spoofing is sometimes used alongside phishing methods. The attacker forges the sender's address so the message looks like it came from someone in the organization or from one of the company's external partners.
Social Engineering: Social engineering takes many forms, from an attacker pretending to be a new employee in person to posing as a manager or another person in a leadership position via email or other forms of communication.
The cyber criminal may try to get account information or physical access to equipment. The employee may assume that the hacker has a legitimate reason to access that part of the building.
Compromised Personal Devices: Companies with Bring Your Own Device policies may encounter employees who connect compromised smartphones, laptops and tablets to the business network. Those systems may lack adequate protection against cyber criminals, which puts your organization at risk.
Stolen Work Equipment: Work-issued devices, such as mobile phones and laptops, could get stolen. Accounts saved on that equipment may be used as part of a phishing attack or data breach.
Shared Usernames and Passwords: Employees may use the same usernames and passwords for work that they use on personal accounts, which could get compromised due to data breaches. If that combination gets added to a list of hacked accounts, the attackers could try that username and password on work systems.
Vendor Logins: External partners, such as vendors, often have access to internal systems. While they aren’t employees of your company, they may be able to get to the same types of systems.
Stay tuned for Part 2: How Companies Protect Themselves Against Cyber Attacks.