Cyber-attack risks for companies with employee origins 0 90

As part of the initial security relationships we build with new clients, ESET surveys management and responsible employees about what they view as their biggest security challenges. Responses at many large businesses identified the bad security behavior of their employees as one of the biggest security challenges. It is paradoxical that although companies realize that raising security awareness among personnel would increase their organization’s security, by in large they do not invest enough resources into this.

For the purpose of increasing physical security and safety within a company, in many cases employees must attend mandatory training on workplace and process safety, as well as health and fire protection as part of the onboarding process. However, these days a company can not only be put out of operation by a fire, but also via a successful cyber-attack or an angry employee deliberately compromising security. Another very common case is lack of security-mindedness by employees, who might carelessly click on strange attachments or access insecure websites in an effort to solve either personal or work-related queries. Therefore, it is in the interest of employers to raise awareness among all employees about responsible behavior on the network, to support ongoing training and/or e-learning as well as to monitor both access rights and abrupt changes in usage behavior.

Businesses should focus on education along with directives

Companies should implement certain rules of proper internet and network usage. These rules should include what not to click or download, who to consult regarding suspicious mails, and what to do if an employee suspects that something bad has already happened. All this information can be incorporated into a company’s internal directives, which would allow the company to discipline an employee who violates the security directives repeatedly.

However, the directives should go hand in hand with internal education. “Giving a new employee 250 directives to read is not the right way to go. Invariably very few employees ever really read them. It is, therefore, good to educate employees proactively and then assess what they have learned,” says Michal Jankech, the Principal Product Manager at ESET, outlining a more effective way to increase security awareness among personnel.

“Among our customers are companies that invest a lot into IT security training. As a result, every employee knows how to act in specific situations, such as when they see a colleague accessing insecure websites, or when they find a USB key lying in the corridor or sensitive documents left at the printer, and the like. This significantly contributes to the overall security of the company,” explains Jankech.

It may be difficult to recognize a suspicious email

When educating employees on IT security and creating directives, it is important to realize that employees may behave in an unsafe way either intentionally or unintentionally. Bad security behavior can be unintentional when, for instance, an employee is unable to assess whether an email is suspicious or is unaware of what a suspicious link looks like. Attackers often use sophisticated techniques and know-how to make malicious emails look trustworthy – for instance, they may include a link to a fake website of the bank or the company where the employee works. In this case, it is necessary to assess links, validation, and certificates. Of course, that is something an ordinary employee without training would not do.

The unintentional bad security behavior of employees can be further divided into malicious and harm                               less behavior. For example, if an employee decides to use the Internet for personal purposes and legally buys a movie and downloads it in the corporate network, this can be considered poor security behavior, but is likely unintentional and harmless.

Companies can be held legally responsible for illegally shared content

The situation is completely different when an employee downloads pirated movies or music on the corporate network. In this case, the company may be pursued by the copyright owner for damages and can also receive a hefty fine. This is because in much of the world legal responsibility lies with the person/entity that signed the contract with the internet service provider. In many cases the company would be legally responsible, not the employee who downloaded pirated content at work.

Disgruntled employees can pose a threat to the company

Deliberate malicious behavior occurs when an employee purposely wishes to harm the company. For instance, an employee leaving the company on bad terms could decide to copy the customer database and take it out of the company. Alternatively, a resentful employee could intentionally infect the company’s network or damage its data.

Comprehensive coverage and visibility

ESET’s security software allows the option to block the transfer of data out of the company on portable media. For instance, the company can determine which employees are allowed to copy data from corporate devices onto USB keys or it can allow data transfer only for specific USB keys that have their content encrypted by ESET Endpoint Encryption. Using ESET Endpoint Security, the company can block access to specific types of websites; for example, websites where employees could upload business data or low-reputation websites that could potentially be a source of malware infection. Data from all these security solutions is made available to IT administrators in a clear, organized form in ESET Security Management Center (ESMC). Thus, IT security within the company not only gain a good overview of what is going on in the corporate network, but they are also be able to solve security incidents in a single click within ESMC.

Try ESMC our powerful security management dashboard

ESET Security Management Center is included with all ESET Enterprise-Grade Solutions.

Previous Article

Ransomware Protection Crucial to Enterprise 0 302

Ransomware

Ransomware is by far the biggest threat among Enterprises.  So what is Ransomware? It is a malicious code that blocks or encrypts the contents of a device and demands a ransom to restore access to the data.

According to research done by ESET,  Companies named ransomware their number one concern.

In response to customer needs and concerns, ESET integrated Ransomware Shield into its security solutions. ESET has long been providing its customers with very good behavior-based malware detection and also with Host-based Intrusion Prevention System (HIPS) that allows users to set custom rules for the protection against ransomware. However, should something slip past the 11 other security layers, Ransomware Shield will be automatically activated.

While ransomware infection often starts with clicking a suspicious link or a fictitious invoice, ESET found that email remains the most common distribution method.

To combat these scenarios, enter ESET Dynamic Threat Defense (EDTD). EDTD provides another layer of security for ESET products like Mail Security and Endpoint products. It utilizes a cloud-based sandboxing technology and multiple machine learning models to detect new, never before seen type of threats. In result, attachments that were classified as malicious are stripped off the email and the recipient gets information about the detection.

To learn more about how ESET can protect your business, and to book a FREE in house Cybersecurity Training Session for your employees, please sign up below.

Free Training

Interview: Addressing the Six Biggest Cybersecurity Challenges for Enterprise 0 211

cybersecurity challenges enterprise
Ken Kimani, Channel Manager of ESET East Africa, introduces the 6 biggest cybersecurity challenges for enterprises

Enterprises are under constant attack from cybersecurity threats resulting in the loss of millions in revenue annually. Factors such as ransomware, targeted attacks, insufficient network visibility, various operating systems in an organization, bad security behaviour among office staff, lack of skilled cybersecurity workforce and the level of tolerance among staff are the major causes of cyber-attacks in the country.

To mitigate these issues, ESET East Africa offers free training, suitable for all skill levels to help educate enterprises on the importance of cybersecurity.

Subscribe to our newsletter to find out more about this training, our enterprise offering and to follow our series on the 6 Biggest Cybersecurity Challenges for Enterprises.