The Security Awareness Issue
We aim to provide you with a round-up of our latest offers and essential info to help increase your productivity and keep you secure. This month you can::
* See the Blue Coat survey that shows a disconnect between employee awareness of cyber threats and their actions.
* Download your free Internet Acceptable Usage Policy – ‘heavy’ or ‘light’ version.
* Learn about Social Engineering and find out how Phish-prone your employees are.
As always, if you’d like more information on any of the topics covered, please email: [email protected]
Cyber Security and Employees: Are Their Eyes Wide Shut?
Blue Coat Research Shows Workers Ignoring Known Cyber Risks, Surfing Adult Content and Downloading Unapproved Apps.
A recent global research study of 1580 respondents across 11 countries highlighted a global trend of employees ignoring cyber risks while at work. Results from the survey found that universally, workers visit inappropriate websites while at work despite typically being fully aware of the risks to their companies.
Blue Coat’s research, conducted by independent research firm Vanson Bourne, found the actions of employees at odds with their awareness of the growing cyber threats facing the workplace. In addition, this risky behavior can leave both sensitive corporate and personal data open to being stolen and used immediately, stored for future use, or sold into a thriving black market where compromised corporate and personal identities are traded globally.
One source of cyber threats is the practice of phishing. Cyber criminals continuously conduct extensive research on employees’ social profiles to find information that can be used to attack organizations.
For example, an attacker may create a seemingly personalized email targeted at an IT administrator for a large enterprise using information found on social media profiles, such as the recipient’s alma mater or favorite sports team.
That email may contain malware that is downloaded once the recipient clicks on a link included in the document.
Pornography continues to be one of the most popular methods of hiding malware or malicious content. Even though awareness is high of the threat posed by adult content sites, workers are still visiting these potentially dangerous sites.
The Blue Coat survey found that at 19 percent, China has the worst record for viewing adult content sites on a work device, with Mexico (10 percent) and the UK (nine percent) not far behind.
Click Here to see the Survey Highlights>>
Review your Internet Acceptable Usage Policy
We’ve produced two versions for you to use – one ‘heavy and one ‘light’. You can download both to see what’s right for your organisation:
What is Social Engineering?
Social engineering is the deliberate application of deceitful techniques designed to manipulate someone into divulging information or performing actions that may result in the release of that information.
During a social engineering attack, the target is not aware that their actions are harmful. Attackers use a variety of methods to trick victims into divulging useful information or performing an action such as clicking a malicious link.
A current phishing attack comprises emails with links to download the new no-charge version of Windows 10, or purports to have it “attached” in a zipped file. (See: Our latest blog post>>)
A social engineering attack can be targeted or opportunistic. Targeted attacks typically focus on a specific individual, whereas opportunistic attacks aim to gain information from anyone in a specific position (such as a helpdesk).
Vigilance (the ‘Human Firewall’) is the only fail proof protection against social engineering.
How Phish-prone are your Employees?
Most people have seen scam emails long enough to know they are not real. However in a work environment, how would your employees react to:
* A seemingly benign email from a recognisable sender?
* A legitimate looking email offering an attached PDF or Word document?
* A real-looking link to a web site within a ‘trustworthy’ email?
How many of your employees would open the attachment or click on the link?
Employees often assume a work email is safe as it has been through all of your layers of security, including email and web content filters.
Do your users understand the ramifications of introducing undetected malware into your environment?
Do they know this malware can capture their keystrokes, turn on their web camera and microphone, and capture screen shots or data from their system and transmit this data to cyber-criminals completely undetected?
Unless you can answer the above questions with a high degree of certainty, it may be time to implement measurable security awareness testing and training of your staff to see just how Phish-prone they are.
This is where we can help – Infosec Cloud offers a fully Managed Security Awareness Testing and Training Service. Click Here for more information >>