Are your employees and asset, or a liability?

Business people discussing business contract

According to Fireeye, 91% of cyber attacks begin with an email. These emails are the source of malware, ransomware, business email compromise, and network compromise. How do the offenders select their targets for these emails? What is on the other end of these emails? Guess what happens to your business network when your employees are not trained…

How does this work? “Bad” guys know there is a tremendous amount of information related to employees and their companies on social media. They select a victim company based on their requirements and begin to mine social media for information related to the target company and its employees. Some employees make it very easy for “Bad” guys to build a profile, due to the amount of information they post about themselves. The profile information includes your company’s email format, for example first initial last name @ company name. This information facilitates the creation of target specific email. Next the “bad” guy attaches malware to the email. Finally, the email is sent to your employee and….your network is compromised. All of the money you spent on hardening your network was wasted in this instance, because the offender by was invited in.

The solution to this problem is not soley a technical one. The phishing tests are important, but if your employees do not know what is at stake they will not take them seriously. That being said, the one thing determining which category your employees fall into is training. If your employees are trained they are an asset, if they are not trained they are a liability. Following this same train of thought, untrained employees can be the weakest link to an organization’s cybersecurity.

With decades of experience in education and training at all levels, we can design an appropriate program for your employees that is both engaging and informative. It is important to note security has two sides, physical and cyber. Some of the basic concepts apply to both, but they become very different quickly. The most requested training programs involve email based threats, phishing, spear phishing, ransomware and social engineering.