There is no doubt that the information of companies, of all sizes, is an irreplaceable asset, which in the event of loss, reduces their competitiveness and certainly financial losses. In this sense, investing in internet security for companies, especially for employee use, becomes increasingly necessary.
According to the Cybercrime Magazine portal, Cybercrime Will Cost the World US$10.5 Trillion Annually by 2025 , therefore, so that these estimates do not increase in the coming months, it is important to read this article carefully.
The key point here is the employee's role in this process, which, by the way, is a determining factor in the vast majority of cases of data security breaches in companies, as you will see in the next few lines.
What is the employee's role in the company's internet security?
As we saw previously, attack predictions are not encouraging. The growth in these numbers is due to the fact that digital criminals are changing their targets. In short, instead of exposing themselves by directly attacking the organizations' networks, where they know that there are many protection and detection mechanisms implemented, they attack the weakest link in the chain, the user, in this case, the employee.
Examples of attacks due to errors, often small, by employees have been reported countless times.
To help you understand better, I have listed below the main reasons why employees are directly responsible for the company's internet security.
1. Opening emails
Still widely used by companies, email is not first on this list by chance. Opening emails containing malicious links, better known as Phishing, is huge.
Using various tricks to persuade the employee to click on the email link, the criminal obtains confidential data from the employee, and in many cases, from the company itself.
Nowadays, cybercriminals use social networks to collect relevant information, such as occupation, address, friends and likes, about their targets in order to use it in social engineering attacks. This information is used to trick the employee into thinking that the email he has just received is true.
Furthermore, there is a new attack, very widespread in recent months, which combines the sending of a fake email or SMS and a voice call. This attack is called Vishing, and uses social engineering as a success factor for attacks.
2. Social Media
My 78-year-old grandmother uses Facebook, Instagram and WhatsApp. Also watch religious videos on YouTube on your SmartTV (seriously). If even an elderly woman, who at the height of her youth only listened to the radio and in poor quality, why think that employees don't use social networks during work?
The detail is not just use, but the dangers to the company's internet security that uncontrolled access can cause.
With the large number of users, hackers' chances of getting what they want are greater on this channel. They then create several false advertisements, called Malvertising, which in some way (usually a product with a much lower value than usual) induce the customer to click on the ad and provide information such as CPF and credit card details.
Employees on social media during working hours, especially around commemorative dates, can cause major problems for the company's internet security.
3. Access to harmful websites
Many websites on the internet contain advertisements, pop-ups and malicious links. Pornography sites, for example, are fraught with dangers.
Lay and unprotected users use these sites during work or during breaks, and put company information at risk if they do so from a company device.
Control employee access to websites considered harmful or that typically contain malicious content.
4. Downloads
As I said previously, fake emails may contain attachments to download harmful content. Furthermore, downloading pirated software by employees can cause major security problems on the company's internet.
Unlicensed software, with changes to its normal operating mode, can carry security holes and other malicious files.
Original programs receive security updates periodically, seeking to correct problems and new developments in the world of internet security.
Not keeping track of downloads and software installed by employees can become a gateway for hackers.
5. Sensitive information
Keeping the company's confidential information under the responsibility of employees may not be very interesting. Imagine that an employee who knows a lot of sensitive information about the company openly talks about it with his family over the internet. If your cell phone, for example, suffers any type of data security problem, the information it distributed will be available to the digital criminal.
An important employee who has important information about the company with him must take extra care with internet security.
6. Photos in the workplace
It is common for people to publish photos in their work environments, showing their daily lives and tasks. However, be very careful with this! With a small oversight, important information about the company could fall into the wrong hands.
Imagine that bank details or passwords are described in a printed table on the employee's desk, and the employee publishes a photo where these details appear in the background. As I said before, hackers study their targets, looking for information to plan their plan in the best way.
Therefore, photos or videos of workplaces containing confidential information and data must be treated with great care by employees in the company.
7. Transparency in case of problems
Often, employees download a malicious file, or install pirated software, and cause problems on your computer or device. Many of them just try to momentarily fix the problem, uninstall the software and continue their work. However, malicious files are unlikely to leave the device with a simple deletion by a lay user. The professional responsible for the company's IT systems will certainly have to scan for malware installed on the machine and remove it immediately.
In cases where there is no such control, the device can remain vulnerable for a long time, until the security fragility is realized, or in the worst cases, it suffers a cyber attack.
Instruct employees that in the event of problems related to systems and software, it is important to maintain transparency and inform the responsible professional, so that repairs can be made as quickly as possible.
The weakest link in the chain
Currently, many companies are being invaded by simple and unsophisticated attacks. Cybercriminals have used techniques to persuade people to take actions they want. Attacks that could be avoided if users had been trained or had control and protection.
Changing the behavior of either the employee or the manager must be considered when there are internet security problems.
Employees will always be the weakest link in the chain, and also the biggest target for hackers.
In the Internet Security Guide for Companies you will find several ways to identify the company's internet security weaknesses .
I hope I have clarified your doubts regarding the importance of employees in the company's data security.
To the next!
1 comment
Comments closed