Businesses must do everything they can to mitigate risk from malicious cyber activity. Data breaches are costly – according to the Ponemon Institute’s 2018 report, the average cost of a data breach to a company in the United States is a hefty $7.91 million. The average time it takes to identify a breach is 196 days. Aside from the material costs associated with a breach, there are also longer-term consequences to consider, such as loss of reputation and consumer trust.
The effects of a cybercriminal activity can be devastating, which is why many companies prioritize their cybersecurity efforts. Unfortunately, one of the biggest vulnerabilities is right under the company roof.
A comprehensive analysis of 53,000 security incidents from 67 businesses around the world found that two of the top three threats facing business security today involve human error. The report, compiled by Verizon, suggests that it’s the human factor that creates the greatest vulnerability – workers continue to fall prey to social attacks.
Your employees, particularly your part-time employees, could be putting your company at risk. Here’s what you can do to protect your business.
The Threat of Pretext
The Verizon report states that the act of financial pretexting and phishing make up about 98% of all social breaches. That’s almost all of them. Worse, they make up 93% of all breaches. Pretexting is the act of tricking a victim into giving away information that may be used to steal passwords or credentials. Companies are three times more likely to experience a breach via social attack than other vulnerabilities, which highlights the need for continuing employee cybersecurity education.
Unfortunately, part-time employees are often not as involved in the organization as full-timers. They may not have as much time to catch up on company policy or attend continuing education. As the nature of work extends into flex time and telework, companies may struggle to develop comprehensive policies that everyone can learn and adhere to.
Businesses in the customer service realm are particularly vulnerable to social attacks. Employees are coached into being service-oriented or knowing that the “customer is always right.” This can lead to situations where hackers take advantage of the need to please to obtain credentials – for example, by pretending to be an angry customer locked out of an account.
Employers can mitigate this risk by limiting access to administrative level permissions, like for example, limiting access to only full-time employees who undergo rigorous cybersecurity training and to those who understand how hackers can attempt to gain access to data.
The Problem With BYOD
As the nature of work becomes more flexible, part-timers and full-timers alike are more likely to “bring their own device” and complete work on a personal smartphone or tablet. While they allow workers convenient access to their work and can improve company productivity, it also complicates the process of securing the company network.
Using home computers can allow companies to connect to the company network via Virtual Private Network (VPN), but the company still has little control over the home computer security. Employees may also use their personal phone for work email and other applications, which can be particularly dangerous over public and mobile networks. Part-time employees are far more likely to check email through these means since they are at their work terminal less.
If an employee needs a mobile application to complete their work duties, companies should take steps to enforce permissions. Proper security protocols can ensure the protection of proprietary company information while allowing employees access to necessary data on personal devices. If a part-time employee does frequently work from home, they should have the same security software as any other company machine.
Avelera can help you mitigate cybersecurity risks by content filtering and blocking potentially malicious apps with its PEAK service. Learn more about our tools today and how they can enhance company productivity and business security