Despite your company’s best security efforts, your employees are still your weakest security link. Don’t blame them. Test them, then educate them with training. At Hueya, we are focused on securing the human and reducing risk. Because humans are also employees, we keep businesses protected with threat simulators, such as Hueya’s PhishOn phishing and social engineering threat simulator to mitigate the threat and risk of a data breach. Companies can empower employees to be their first line of defense to stop threats before they do damage.
Cyber attackers are finding that it’s easier to hack humans than it is to hack through robust online and physical defenses. The use of social engineering in cybercrime often involves tricking people into breaking normal security procedures. The success of these exploits often relies on people’s willingness to be helpful. Even if an organization has good security processes and training, and even if people faithfully follow security procedures at work, they are typically unaware that a simple click can put their employer at risk and cause extensive damage. Take, for example, phishing.
Phishing is when a malicious party sends a fraudulent email disguised as a legitimate email, often purporting to be from a trusted source. The message is meant to trick the recipient into sharing personal or financial information or clicking on a link that installs malware. How it works is an employee receives an email and clicked on a link or opened a file they weren’t supposed to open. According to the recent Verizon data breach report, a phishing email is the first phase of an attack. Why? Because it works well researchers found, with 30 percent of phishing messages opened.
Here’s how phishing works
- Cybercriminals use social engineering techniques to enter your organization unannounced, launching past your security controls with finesse.
- Disguised as a manager, partner, or IT admin, cybercriminals are targeting your employees, contractors, and directors.
- Cyber criminals use relevant and believable scams that mimic your communications, your applications, and business workflows:
- To steal valuable data and ruin reputations.
- This data is then used by cybercriminals to scam your customers and employees while holding you ransom.
Phishing is the #1 threat to your company and phishing scams are targeting and baiting your employees. In fact, 90 to 95 percent of all successful cyber attacks worldwide are the result of successful phishing scams, according to a recent report. Your employees straddle your security controls which puts your company at extreme risk for a data breach that could result in your company’s information and customer data being compromised.
Last week, I was interviewed on KGW’s Portland Today show to discuss what people can do to protect their cyber information, and ultimately, their employers’ information–which could be sensitive payroll or medical information. You can watch the interview below. Through increased awareness and employee education, we can slow the tide of phishing attacks in 2018 and beyond. I hope you’ll join me in the fight.