Do your employees Christmas shop from work? Spoiler: the answer is yes.
Ratting myself out, I was just checking one of my orders before I typed this. Ok other than maybe bending a few company rules, there’s no big deal, right? It’s Christmas, lighten up!
Except that it might be a huge security risk.
A recent study shows that 47% of social media users have fallen for shopping scams. That means that nearly half of the people on social media have fallen for one of these scams.
The promise of a hot deal is one click away before their personal details and finances are handed over to criminals.
It stinks, but if they are doing it on a company device (or one that accesses your company network or data) then the business could be exposed too.
Phishing scams that pose as a person or brand you trust have fooled 36% of people into revealing their personal data. Likewise, another popular scam that has affected just as many people is one where criminals persuade people to buy them gift cards in exchange for money, which is then revoked, leaving them with nothing.
Some of these scams are contained in the scam itself, but not all threats are on the same level. Many use links to malicious software that infects files and steals data. Just last week we talked about the Cloud9 attack that steals your data and uses your hardware for cryptocurrency mining.
If one of your employees clicks a malicious link like that on a work device, the results can be devastating. The cost of a data breach goes well beyond the cost of ransomware (averaging $4.87 million) and downtime. 39% of the costs are incurred more than a year after the breach, and the loss of reputation and business opportunities is the largest cost suffered.
How do you protect your business against this kind of scam?
You need the right security tools protecting your business. Contrary to popular belief, cybersecurity isn’t a simple product you buy that protects you. Yes, there are specific cybersecurity products you should consider like 24/7 monitoring, but cybersecurity runs deeper than that. Cybersecurity is a practice that should be integrated into every facet of your business technology as part of its DNA. That is how you create layers of protection for your business.
One of the key items to implement is employee training. 88% of data breaches are caused by human error. You can choose to hear that and think employees are the weakest link, and in a sense you’re right. However, the positive side of that is that employees are your first line of defense. They are the ones working the front lines. They get the phishing emails and text messages. They get sent imposter email requests. The strongest employees recognize what is a scam and don’t fall for it. They know if a special sale looks too good to be true then it is.
Training is how you empower your employees to be sharp and see through the scams.
They should be made aware of the latest scams, but more so of warning signs to watch for. They should know how to check an unknown email, and not to click links for anything they do not trust.
They should also know what to do when a security breach is spotted. The speed of the reporting has a major impact on how much the damage can be diminished.
Ongoing training should be part of your cybersecurity tools, and it should be engaging and fun.
If you have any questions about your cybersecurity stance, hardware, or employee training feel free to reach out for a free consultation.