
Fighting Cybercrime Starts With Addressing Employee Cyber Negligence

At a recent conference entitled "Cybersecurity for CFOs," cybersecurity experts shared a number of facts about cyber risks.

Because every employee uses the internet, they create exposure for their organization. Employees cause 53 percent of all data breaches.

Of all breaches, 93 percent involved some form of phishing. Research shows that 78 percent of employees will not click on a phishing email, leaving 22 percent who might.

Crimeware is a new trend in phishing attacks. Now, using crimeware, cybercriminals can create mass spam messages, including phishing emails, from their smartphones.

Small- to medium-size organizations are especially at risk. Cybercriminals target them in more than 50 percent of cyberattacks, and 75 percent of smaller organizations do not have cybersecurity insurance.

Often, hackers will target these organizations in order to access big corporations. They may breach a smaller organization and then wait months for a merger or other opportunity to use their access to target a bigger fish. For example, cybercriminals breached Target, Marriott, Chili's, and Under Armour by hacking their third-party vendors.

Recovering 5,000 records following a data breach can cost nearly $1.1 million. Sixty percent of organizations that are hacked will go out of business. Rebecca J. Barnabi "Winning the cyber war: Data breaches may be one of the biggest threats of the 21st century" dailyprogress.com (Apr. 05, 2019).


Commentary

The above statistics are a sobering wake-up call to any organization to become more stringent about cybersecurity best practices.

Employee negligence is the “Achilles heel” of most cybersecurity plans. Therefore, constant training in the form of reminders, short quizzes, periodic longer training sessions, and weekly examples of the latest cybercriminal methods can keep the issue of data safety in the forefront of employees’ minds. Employees must be supported by management to slow down and be careful with every email. It only takes one employee clicking on a fraudulent link to jeopardize your entire network.

The following signs indicate that an email may be a phishing scam: requests to send personal information over email; a suspicious-looking “From” address; a large number of recipients or an undisclosed recipient list; a suspicious web address when you hover over a link in the email; misspellings or grammar mistakes in the email; a stranger offering to give you money; requests for you to provide money up front for a processing fee or other questionable activities; and claims that important information is included in an attachment.

Unless you are certain and already expect an email with an attachment, verify it before clicking on it. A few extra minutes of caution can avoid an expensive, time-consuming effort to repair the damage of a breach of your organization’s data.
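For teams that want to automate part of that checklist, the following added example (not part of the original article) checks a raw message for three of the signs above: a questionable sender, an undisclosed or oversized recipient list, and a link whose visible address differs from its real target. The function names, the 20-recipient threshold, and the use of a Reply-To mismatch as the test for a suspicious “From” address are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

URLISH = re.compile(r"(https?://|www\.)?[\w.-]+\.[a-z]{2,}(/|$)", re.I)  # text that reads as a URL

class Links(HTMLParser):
    """Collect [href, visible text] for every <a> element."""
    def __init__(self):
        super().__init__()
        self.found, self.inside = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.found.append([dict(attrs).get("href") or "", ""])
            self.inside = True
    def handle_endtag(self, tag):
        self.inside = self.inside and tag != "a"
    def handle_data(self, data):
        if self.inside:
            self.found[-1][1] += data

def host(url):
    """Hostname of a URL or bare domain, lower-cased, without a leading www."""
    name = urlparse(url if "//" in url else "//" + url).hostname or ""
    return re.sub(r"^www\.", "", name.lower())

def phishing_signs(raw, max_recipients=20):
    """Return the warning signs found in one raw message (threshold is an assumption)."""
    msg, signs = message_from_string(raw), set()
    sender, reply = (parseaddr(msg[h] or "")[1].rpartition("@")[2].lower()
                     for h in ("From", "Reply-To"))
    if reply and reply != sender:  # replies go to a different domain than the sender's
        signs.add("reply_to_differs_from_sender")
    to = msg.get_all("To", []) + msg.get_all("Cc", [])
    if not to or "undisclosed" in " ".join(to).lower() or len(getaddresses(to)) > max_recipients:
        signs.add("recipient_list")
    parser = Links()
    parser.feed("".join((p.get_payload(decode=True) or b"").decode("utf-8", "replace")
                        for p in msg.walk() if not p.is_multipart()))
    if any(URLISH.match(t.strip()) and host(t.strip()) != host(h) for h, t in parser.found):
        signs.add("link_text_differs_from_target")  # what "hovering" would reveal
    return signs

# Constructed sample message (reserved example domains only).
SAMPLE = '''From: "IT Help Desk" <helpdesk@example.com>
Reply-To: collector@example.net
To: undisclosed-recipients:;
Content-Type: text/html

<a href="http://login.example.net/verify">www.example.com/account</a>
'''
```

A message that raises none of these flags can still be fraudulent, so a check like this supports employee caution and does not replace it.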
