There’s a definite yin-yang to the digital world. Our lives have vastly improved over the past few decades as technology has become increasingly sophisticated, aiding us in both our work and personal lives. We can work online, bank online, visit doctors online, and look up answers to literally any questions we might have about anything using our voices.
But it’s a bit like Pandora’s box. Yes, we’ve greatly benefited from technology and will continue to do so, but technology isn’t without its potential dangers. The law of unintended consequences often rears its ugly head, especially in business.
Companies spend a lot of money on security controls such as firewalls and advanced detection and protection tools. But companies also know that technical controls alone will not protect their data and systems. In fact, their own employees tend to represent the greatest risk, because attackers employ a wide range of social engineering ploys to find and exploit human vulnerabilities.
Does that mean that your people are dumb? Or that dumb people are the only ones who are prone to falling for these kinds of scams? Far from it. Your people aren’t stupid. They’re human.
There are a number of ways people can be tricked into doing things they’ve been warned against.
Virtually everywhere people go online these days—whether using their desktops, laptops, tablets, phones, or voice-controlled devices like Alexa—they leave a trail of data that attackers can collect and use to their own benefit. The more time spent online, the larger that trail, and the more material a scammer has to work with.
Scammers can easily find readily available public information about any person on social media and take full advantage of that access to craft highly targeted, personalized attacks that are difficult to dismiss.
Scammers are highly motivated and spend all of their time thinking of new ways to gain access to your data. As soon as one avenue is closed off, they move on to the next. They are resourceful and they understand human nature. They know our weaknesses, and they use that knowledge to trip up even the most savvy users.
We’ve all seen the compelling headlines on Facebook: “You won’t believe the lie Amber Heard was caught in today!” or “What will you look like when you turn 100?” or “See what these stars from the 1970s look like today. #20 will shock you!”
So, we click the link and a malicious payload is delivered.
While it’s been said that if something seems too good to be true, it probably is, we’re still likely to succumb to this kind of clickbait. Whether it’s the promise of cash, an opportunity to get in on the ground floor of a “you can’t lose” investment opportunity, or even a free car wash, when faced with a compelling offer, most people will bite.
The myriad tragic events taking place around the world are fodder for scammers who are adept at making appealing fundraising pleas to support everything from those suffering from COVID-19 to people displaced in Ukraine to rebuilding after natural disasters (and more). If an event is likely to tug at someone's heartstrings, scammers are poised to profit from it.
People are even more likely to comply when the request appears to come from someone in authority: someone in HR, a manager, or the company CEO.
Savvy attackers have learned how to impersonate people with authority. They send fake messages from the CEO with instructions to wire funds to a bogus supplier account, or trick employees into other business email compromise (BEC) schemes. They know that employees are likely to respond to a request from the CFO to purchase Amazon gift cards with the company credit card and email the codes to HR. Only, of course, it's not HR that employees are sending them to—it's the scammers. These messages typically arrive with a sense of urgency and a reason the target should not pick up the phone to confirm, which is exactly why an out-of-band check with the real executive is the step that stops them.
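The executive-impersonation pattern described above leaves a few tells in the mail headers: an executive's display name paired with an address outside the company domain, a sender domain that is one character off from the real one, a Reply-To that points somewhere else entirely, and a failed DMARC result. The following script, added here as an illustration and not part of the original article or of any vendor's product, scores a raw message on those four signals. The company domain `example.com`, the executive roster, the `dmarc=` parsing of the Authentication-Results header, the 0.8 similarity threshold, and all three sample messages are assumptions constructed for the example.

```python
"""Flag executive-impersonation (BEC) signals in inbound mail headers.

Added example: a mail gateway or SOC playbook would run checks like these
before a "CEO needs gift cards" message ever reaches the employee.
"""
import difflib
from email import message_from_string
from email.utils import parseaddr

# Assumed company domain and executive roster (display name -> real address).
INTERNAL_DOMAIN = "example.com"
EXECUTIVES = {
    "jane doe": "jane.doe@example.com",     # assumed CEO
    "raj patel": "raj.patel@example.com",   # assumed CFO
}


def normalize_name(name: str) -> str:
    """Collapse case and whitespace so 'Jane  DOE' matches 'jane doe'."""
    return " ".join(name.lower().split())


def domain_of(addr: str) -> str:
    """Return the lower-cased domain part of an address ('' if none)."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def is_lookalike_domain(domain: str, internal: str = INTERNAL_DOMAIN) -> bool:
    """True when the domain is close to, but not equal to, the real one
    (e.g. examp1e.com vs example.com). 0.8 is an assumed threshold."""
    if not domain or domain == internal:
        return False
    return difflib.SequenceMatcher(None, domain, internal).ratio() >= 0.8


def analyze(raw_message: str) -> list[str]:
    """Return the list of impersonation signals found in the headers."""
    msg = message_from_string(raw_message)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_domain = domain_of(from_addr)
    findings = []

    # 1. Executive's display name on an address that is not the real one.
    known = EXECUTIVES.get(normalize_name(from_name))
    if known and from_addr.lower() != known:
        findings.append("executive-display-name-external")

    # 2. Sender domain is a near-miss of the company domain.
    if is_lookalike_domain(from_domain):
        findings.append("lookalike-domain")

    # 3. Replies would go to a different domain than the visible sender.
    if reply_addr and domain_of(reply_addr) != from_domain:
        findings.append("reply-to-mismatch")

    # 4. The receiving MTA recorded a DMARC failure (assumed header format).
    if "dmarc=fail" in msg.get("Authentication-Results", "").lower():
        findings.append("dmarc-fail")

    return findings


# Constructed sample messages (not real mail).
BEC_SAMPLE = """\
From: "Jane Doe" <jane.doe@examp1e.com>
Reply-To: "Jane Doe" <ceo.urgent@gmail.com>
To: accounts.payable@example.com
Authentication-Results: mx.example.com; dmarc=fail header.from=examp1e.com
Subject: Urgent wire before 5pm

Please wire the attached invoice today. I am in meetings, do not call.
"""

FREEMAIL_SAMPLE = """\
From: "Raj Patel" <raj.patel.cfo@outlook.com>
To: office.manager@example.com
Authentication-Results: mx.example.com; dmarc=none
Subject: Quick favor

Can you pick up some gift cards for the team and send me the codes?
"""

LEGIT_SAMPLE = """\
From: "Jane Doe" <jane.doe@example.com>
To: staff@example.com
Authentication-Results: mx.example.com; dmarc=pass header.from=example.com
Subject: Q3 all-hands

Agenda attached.
"""

if __name__ == "__main__":
    for label, sample in [("BEC", BEC_SAMPLE), ("freemail", FREEMAIL_SAMPLE),
                          ("legit", LEGIT_SAMPLE)]:
        print(f"{label}: {analyze(sample) or 'no signals'}")
```

Any one of these signals can occur on legitimate mail (a genuine executive replying from a personal phone, a misconfigured DMARC record), so the output is meant to drive a warning banner or a hold for review, not an automatic block. The lookalike check is deliberately simple; production gateways also compare against registered homoglyph variants and newly registered domains.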
According to Security magazine, more than half of employees (52%) say they’ve fallen prey to a phishing attack from someone they thought was a senior leader in their organization, up from 41% in 2020.
Accenture reported that cyberattacks rose by a triple-digit percentage during the first half of 2021. Clearly, attackers are becoming craftier, and companies are dealing with more of them. Their work is lucrative, and their opportunities to gain access to systems and data through human vulnerabilities are massive.
So what can you do to minimize the chances that your employees—even your savvy employees—will fall prey to crafty scammers?
The battle to protect employees from themselves, and from those who attempt to use their trusting nature and tendency toward compliance against them, isn't a one-time event; it's a process. Some best practices to keep in mind are as follows.
- Communicate with employees regularly about the risks—not just with facts and data, but with stories and examples that will make a far greater impact.
- Train and educate employees regularly. This could take the shape of traditional training programs, online and on-demand access to information, brief polls and quizzes, updates in all-hands or department meetings, and more.
- Make sure your executive team is part of the communication process, and that leaders model the behavior they expect from employees through their own actions.
Effectively combating cyberattacks requires ongoing attention, diligent awareness, and a combination of technology, employee communication, policies, procedures, and follow-up to keep your company and its customer data safe.