A recent study by Duo Security showed a third of employees clicked on malicious email links, leaving the company waiting for an attack…
Within this same study, employees were asked to provide their user name and password credentials and 17% of those who participated in the survey, did. So what risk is your staff posing?
Employees require consistent cyber security training to be properly educated on what to look for in these malicious emails. PC Pitstop’s Vice President of Cyber Security, Dodi Glenn, made the following statement to IT Business Edge regarding the staggering number of employees who fell for the malicious emails,
“Many people are simply gullible, and the hackers realize this. The more urgency they place on the phishing email, the more likely people will fall for them. Social engineering is an art, and the hackers are mastering it. Interestingly enough, we often find ourselves recognizing we fell for the scam, shortly after giving out information. The ‘uh oh’ sensation is all too familiar for many.”
Employees also need to understand the importance of access administration. There should be no reason why a fellow employee would need your access credentials. If co-workers were supposed to have access to it, they would with their own log in information.
As employers, it is important proper training is occurring, at a minimum, on a quarterly basis. Also, it is encouraged employers spread awareness of the potential consequences of phishing scams and failing to comply with the access administration policy. Many times, employees may simply be lacking the awareness of the security issues these threats pose. By sharing the risks involved, the employees should be less likely to share their access credentials, as well as click on unknown emails.