Five Ways Your Employees Can Kill Your Company



One - Insider Threat: Stealing valuable information for either profit or idealistic motives. Examples: Software developers taking home code for their next job, salespeople downloading customer databases and moving to the competition, and then there are whistleblowers like Snowden who can destroy your reputation whether you deserve it or not. The Insider Threat can be mitigated by thorough attention to the Policies, Procedures & Awareness layer of your "defense-in-depth" model, focused on granular access control, data leak prevention and compartmentalization of data.

Two - Allow access to a restricted area: You'd be surprised how easy it is to walk into a building with nothing more than a clipboard and a falsified ID. Penetration testers use this social engineering trick all the time with great success. People instinctively want to help other people; they are courteous, opening doors with a friendly smile. How about that smoking area at the back of the building? Someone standing there could easily piggyback in with some other smokers returning to work. Who knew the person they let in was a hacker who installed a keylogger on the PC of the CFO? Policies and Procedures are again the determining factors in these cases. Employees need to be trained or you will feel the pain.

Three - Open an infected email attachment: Advanced Persistent Threats use highly targeted spear-phishing emails with an attachment that is not flagged as dangerous because your antivirus does not know about it (yet). An example is a C-level executive who received an email from a charity requesting the exec's input about a fundraising drive. The attached Word document was infected and sent the user's login credentials to the hacker, which allowed the bad guys to completely take over the network. (Here is a link to a 2-minute video with Kevin Mitnick that shows how it's done.)

Four - Insert an infected thumb drive in their computer: An employee simply inserting a thumb drive they found in the restroom can open your network to the outside with disastrous consequences. It can be impossible to resist checking out what is on that drive if the label says: "Q2 Layoff Plan". And how did that drive get in the restroom? An attacker was given access by a new employee who was not properly trained during their onboarding process. 

Five - Click on a link in a phishing email: Most people are not aware of the fact that these days it only takes one click to let cybercriminals into your network. Cybercrime has gone pro. It's a 3 Billion industry with a well-developed underground economy. Nine out of ten times the infection is caused by a legit site that has been compromised and serves malware to visitors that arrive there by clicking on a link in a phishing email. 

It honestly is no exaggeration that today one click actually can kill your company. It won't happen overnight, but if suddenly a foreign competitor sells a product almost identical to yours for one third of the price, it may be enough to bankrupt you. Security Awareness Training is no luxury these days. It's a "must-do" piece of the puzzle to keep the bad guys out. 

