In a recent survey by internet security firm Appriver on small-to-medium businesses (SMBs), almost half of C-Suite executives (49%) admitted they were not confident their employees could spot a phishing email.
The survey includes responses from 1,049 C-Suite level executives (48% CEO/Founder) and covers organisations ranging from 1-250 employees.
It found that 82% of respondents claimed that “many” of their employees used business-use devices, such as work laptops, desktops and smartphones to shop online for personal items.
Among them, 61% admitted they were aware of the increased cyber-security risk this posed to the organisation as a whole, but believed there was nothing they could do about it.
“[it is] a fact of life, there is not much I can do about it”
Anonymous executive, Appriver survey
Responses also showed that executives at larger firms were more likely to believe their employees used work devices for online shopping (88% of executives at organisations with 50-149 employees vs 90% of executives at firms with 150-250 employees).
Adding to the gravity of these findings was the fact that nearly half of all surveyed (49%) believed that their employees would not spot an illegitimate link posing as an online retailer in a phishing email.
This lack of confidence was even worse in sectors that deal specifically in sensitive information, such as Financial Services and Insurance (52%) and Healthcare (63%).
Executives that lacked confidence their employees could spot a phishing attempt
Considering that over 90% of data breaches occur as a result of phishing emails, this demonstrates an overarching issue of paramount importance: Employees need training.
Rather than focusing on trying to stop staff from using business-use devices for their own personal shopping (which 65% of executives admitted they cannot do), executives should focus instead on educating staff about the dangers of phishing attacks, thereby offsetting the increase in cyber-risk.
At Phishing Tackle, we specialise in educating and testing employees on the dangers of phishing and social engineering, reducing firms’ cyber threat surface.
We have created several free tools that organisations can use to gain insights into their employees’ behaviour.
For example, our Free Click-Prone% Test reveals how many of your users would fail to spot a phishing email that could otherwise compromise your business.
With dedicated Security Awareness Training and simulated phishing, our customers have dramatically reduced their Click-Prone% (in some cases by as much as 90%).
As the holiday season approaches and malicious actors increase their attack efforts, the time to train your staff is now.