October 7th 2021
CTTL Ltd (CTTL) – www.cttl.net
Information Security Partner of the year (West Indies)
Five Security Threats Facing Employees
IT security is a critical component for the success of everyday business activities. However, numerous companies focus on state-of-the-art logical and physical security controls but overlook a major threat: employees.
About half of new teleworkers have more flexibility now, but the majority of those working from home worry about the greater risk of cybercrime. For example, the 2020 Deloitte survey on the impact of COVID-19 revealed that since the pandemic started, employees have noticed an increase in fraudulent emails, phishing attempts, and spam in their corporate email accounts. In addition, the Velocity Smart Technology Market Research Report 2021 found that 70 percent of remote workers had experienced IT problems during the pandemic. Undoubtedly, a remote workforce comes with myriad security risks, with employees relying on their own devices and home networks. Yet, for better or worse, remote working is here to stay, with a Gartner survey revealing that 47 percent of organizations will give employees the choice of working remotely full-time once the pandemic is over.
What are some of the threats facing employees today?
- Use of Insecure Personal Devices
Remote work has increased the use of personal devices for work to promote employee productivity. Unfortunately, employees may share the devices with their friends or family members, causing unauthorized access to confidential information. Also, most employees either fail to update their devices or use them to access harmful websites. According to CISO’s Benchmark Report 2020, organizations struggle to manage their remote employees’ use of phones and other mobile devices. Additionally, remote workers use their devices for two-factor authentication or install mobile app versions of crucial work platforms, like Zoom, IM clients, and Teams. All things considered, the blurred lines between professional and personal life increase the risk that sensitive and confidential information will end up in an insecure place.
- Phishing Threats
Phishing scams are the largest threat facing employees today. At least 91% of successful data breaches are due to employees who have fallen victim to phishing attacks. Phishing attacks are so popular because nearly every employee has an email account, yet few companies train their employees on the recommended practices for detecting and preventing phishing attacks. In addition, phishing threats became more pervasive between 2020 and 2021 due to an increased preference for remote working. A recent report found that COVID-19 drove phishing emails up 667 percent between February and March last year.
- Poor Password Practices
Due to increased digitization and work-from-home practices, employees may use multiple applications to get their jobs done. Nevertheless, poor password management is a threat facing the vast majority of employees. Bad password practices, such as password reuse in different accounts, writing down passwords on paper, creating weak passwords, and insecure password sharing, expose employees to various threats. These include unauthorized account access and data exfiltration. A Google survey found that at least 65 percent of users reuse passwords across multiple sites. A different survey by LastPass found that 91 percent of people claim to understand the risks of reusing passwords across multiple accounts, but 59 percent admitted to doing it anyway.
- Unencrypted Information Sharing
While many companies encrypt data stored in their network, they forget to encrypt information in transit from remote workers to the company servers. Meanwhile, work-from-home employees continue to share sensitive information daily, from client account information to confidential files and more, and firms cannot afford to leave such data unencrypted and exposed to malicious activities like fraud, theft, and ransomware attacks.
- Insecure Home Networks
Companies put measures in place to secure their networks and employees’ work devices. Unfortunately, they can only do so much when it comes to securing the home Wi-Fi networks that their employees connect to. This lack of control, in turn, poses a security risk to company information and systems. Additionally, while people know how to update security programs on their laptops and smartphones, they often overlook security patches to their home router software.
So, what can companies do to remain secure?
- Ensure employees use legitimate software and keep it up to date. Better yet, users can configure their personal devices to automatically apply updates regularly released by vendors to solve security problems.
- Encrypt all sensitive data at rest and in transit. Deploy email services that offer email encryption to secure messages, contact lists, and attachments.
- Train employees on best practices to detect and avoid phishing attacks.
- Develop and implement robust password policies to foster a culture of employee responsibility in a company’s security strategy. At the very least, the password policy should ban passphrases, the use of personal information, and repeated passwords in company account credentials.
- Ensure your employees update their home network routers as soon as updates are available, to patch any existing security gaps before hackers exploit them.
For more information on how to proactively protect your Digital and Human Estate from known and unknown cyber threats, contact us at firstname.lastname@example.org and/or 1-868-332-2885 (CTTL) and ask about CTTL SECURE – 24×7 Automated Protection.
D.M.Ramdathsingh – MSc, PgD – UK and Singapore
Chief Digital Officer (CDO) || CTTL Ltd (CTTL)