Another great article by WSJ – this one on information security and employee security awareness. Because hackers today are so advanced, applying all the security solutions at our disposal and shoring up the perimeter isn’t enough anymore.
As the story states, “These days the hackers aren’t just hacking networks. They’re hacking us, the employees”.
The majority of corporate security breaches involve hackers who gained access to company networks by exploiting well-intentioned employees. Employees click on emails that download viruses, circumvent company tech-support rules, do work with personal mobile devices and consumer-grade online services.
They make themselves easy targets by posting information about themselves and their jobs online. It makes it easier for a hacker to compose a message that looks like it’s coming from the employee’s manager, for example.
We’ve all learned to ignore the messages that come from a bank or the IRS, but if you receive an email that is crafted extremely well, and looks to be from an internal department of your organization, or contains your company logo, or mentions other people’s names within your organization, how are you to know?
In a recent test, KnowBe4, a firm that provides security awareness training, was performing some social engineering. It sent phishing emails to employees at 81 companies from a reputable and trusted server. 43% of them had one or more employee click on the link in the emails. In a second test, using unknown and untrusted servers that were filtered out by many corporate email systems, still at least one person in 15% of the companies clicked on the emails. All it takes is one person to fall for the trick and the damage is done.
Employee vigilance is key – as well as regular security awareness reminders and training.
Sr. Account Executive