Employees who lack knowledge can threaten your business. And you cannot blame them

Cyber-attacks are increasingly sophisticated. They rely not only on state-of-the-art technology but mainly on psychological techniques against which the ordinary user is virtually helpless. You cannot prevent them altogether, but you can prepare for them and significantly reduce the risk that they will endanger you. And if you do become the victim of such an attack, it is good to at least mitigate its consequences.

Anyone can be the target of an attack. Increasingly, the targets are small and medium-sized companies. For these, the consequences can be severe, often as far as liquidation. The attacker does not have to be after the theft of funds at first. For example, if an attacker takes over an employee's email account, he or she may start communicating with your customers or business partners on behalf of your company. Or data from your business databases may be leaked. This can have a huge impact on your credibility in the market.

Recently, extortion attacks, known as ransomware, have been on the rise. An attacker encrypts your data and demands a ransom in the order of hundreds of thousands of Czech crowns in exchange for restoring access to it. Often, paying the ransom does not lead to the data being recovered.

How does it relate to a regular employee?

A lot. Hackers usually do not attack through the IT department. They look for the weakest point. Employees for whom a computer or smartphone is simply a working tool (assistants, accountants, graphic designers, administrators, etc.) often do not know the usual methods of attack, yet almost all of them have access to corporate data or to the internal network. Through lack of knowledge, they open the door to confidential information for the attackers. It is not their fault; not everyone in the company is a computer specialist, but everyone should know about these threats and how to protect against them.

“This should be taken care of by the IT department”

If an attacker gets into your network, it is usually too late. Even the most capable administrator may not be able to prevent the consequences. Imagine that you give powerful and expensive company cars to employees without any driving experience. Some will manage, but the risk that some of the cars will be damaged is high. And relying on a clever company car mechanic to sort it out is probably not the best solution. He can certainly do a lot, but he is not omnipotent. And expecting him to train the staff well is not realistic. He has to take care of the fleet; a school of safe driving is a different discipline. IT is similar. Everybody has certain abilities and a limited number of hours. If the IT specialist concentrates on employee training, his own work will be neglected somewhere.

Source: https://iamjosaguiar.com/cyber-security-best-practice-for-small-business-owners/why-train-employees_infograph-01/


My name is Milan Půlkrábek. I remember computers without the internet, the Internet without Google, and mobile communication without encryption. I have more than twenty years of professional experience in IT, and I lecture and write articles about IT security, cryptocurrencies and new technologies. Since 2014 I have been part of the non-profit organization Paralelní Polis in Prague.