Hackers know there is a tremendous amount of information about individuals and their employers posted on social media. They select a victim company based on their requirements and begin to mine social media for information related to the target company and its employees. Some employees make it very easy for hackers to build profiles because of the amount of information they post about themselves online. The profile information could include your company’s email format, for example, first initial last name @ company name. This information facilitates the creation of a target-specific email. Next, the hacker attaches malware to the email. Finally, the email is sent to your employee and… your network is compromised. All the money your IT Department spent on hardening your network was wasted in this instance, because the offender was invited in.
The solution to this problem is not solely a technical one. Phishing tests are important, but if your employees do not understand what is at stake, they will not take them seriously. That being said, the one thing that determines whether your employees are an asset or a liability is training. If your employees are trained, they are an asset; if they are not trained, they are a liability. Following this same train of thought, untrained employees can be the weakest link in an organization’s cybersecurity.
It is important to note that security has two sides: physical and cyber. Some of the basic concepts apply to both, but the two diverge very quickly. The most requested cyber awareness training programs involve email-based threats, business email compromise, spear phishing, ransomware, and social engineering. (Please see the Risk Mitigation section for information on the Physical Security services we offer.)