The Weakest Link to Security: Employees
Updated: Feb 12
Successful hackers know the end-user is the weakest link in an organization's cybersecurity battle. Through email phishing campaigns, hackers can easily get untrained employees to download and install malicious software.
According to a 2017 report by Kaspersky, uninformed or careless employees are one of the top causes of cybersecurity incidents. Employees are an entry point to get inside corporate infrastructure, so cyber criminals use phishing emails, weak passwords, fake tech support calls and ransomware to access confidential company data.
As the biggest threat and cause of major security breaches, end-users are suffering from information overload and get careless when clicking email attachments. And with mobile device use, employees are logging on to unsecured networks to access company data, reusing passwords and losing their mobile devices, thereby exposing companies to even more risk.
Companies must foster a culture in which everyone understands, respects, and keeps security top of mind.
What's the answer? End-user training. Training users to identify phishing attacks and not to click on links in email messages is your company's best defense against cyber attacks.
Tips for end-user training:
Have a formal, documented plan for cybersecurity training that is reviewed and updated often with the latest information on attack methods.
As part of your onboarding process, make cybersecurity training an important topic to be covered with all new employees.
Conduct yearly (if not more often) employee cybersecurity training so that everyone gets the same information and learns to protect the company network, as well as their personal computers at home.
Send dummy phishing attacks to employees, which allows you to see whether they are clicking on the bad stuff.
Reward employees who pass simulated tests and retrain those who need further reinforcement.
Organizations with well-trained employees are less likely to be affected by cyber attacks. By simply educating employees, your organization is better able to reduce the number of security threats that reach your network in the first place, thereby dramatically reducing risk and improving security confidence.