With compromised data and crippling security breaches on the rise, CISOs must ensure that every asset within the organization is secure against growing information security risks. While implementing the right policies, tools, and strategies is a crucial part of the job, many security leaders overlook securing their employees, who are arguably an organization's most important asset.
Studies have shown that human actions cause 90% of all security breaches. As remote and hybrid work environments become a permanent fixture for many organizations, the risks employees are exposed to become even more significant. First, without direct support from their IT teams, remote employees are more vulnerable to cyberattacks. Second, employees log in to company systems over their home networks for remote access, which is risky because they also use those same work devices for personal tasks. This combination significantly expands the threat landscape, and CISOs must address it.
With 46% of the Alexa top one million websites deemed risky, employees are unknowingly putting their businesses at risk with their online activity. We recently analyzed more than half a million dangerous website visits by enterprise employees in more than twenty countries. Based on this analysis, we identified the top risky behaviors employees engage in online. Below, we look at each of these activities and the security risks they pose.
- Leveraging P2P Software and Private VPNs: The number one threat to enterprises is the use of peer-to-peer (P2P) software, private VPNs, and anonymizers, which allow users to freely access and share content without being recognized. This anonymity poses a high risk for enterprises, as studies show that 38% of private VPNs contain malware, and 82% of private VPNs can read their clients' sensitive data.
- Visiting Compromised Websites: Visiting compromised shopping websites is another top risky behavior. Cybercriminals use fake websites that look like popular online stores such as Amazon to trick employees into disclosing credit card or authentication information.
- Streaming Pirated Content: Our benchmarks reveal that 3% of users in a typical enterprise watch pirated TV shows and movies. Employees can unwittingly install malware on their laptops with a single wrong click.
- Using Personal Cloud Storage: Many employees try to back up their corporate data to their personal cloud. Simply put, businesses must prevent sensitive information from traveling outside of their control. Client contracts that prohibit sharing sensitive data outside corporate systems may be violated if personal cloud storage is used.
- Accessing Websites that Enable Online Fraud: Fake charities and fraudulent crowdfunding campaigns leverage holidays and news stories (e.g., hurricanes) to lure generous and unsuspecting employees into making contributions or sharing their bank account or credit card information.
Employees require specialized guidance to identify and remediate each of these online threats effectively. Security leaders can help their workforces understand how individual behavior affects their organization's security posture and take proactive steps to address these threats by providing just-in-time personalized advice to employees as they visit risky websites. For more information on how SecurityAdvisor can help you reduce security incidents in a quantifiable way through personalized, real-time coaching, click here.