In a recent survey by internet security firm Appriver on small-to-medium businesses (SMBs), almost half of C-Suite executives (49%) admitted they were not confident their employees could spot a phishing email.
The survey includes responses from 1,049 C-Suite level executives (48% CEO/Founder) and covers organisations ranging from 1-250 employees.
It found that 82% of respondents claimed that “many” of their employees used business-use devices, such as work laptops, desktops and smartphones, to shop online for personal items.
Among them, 61% admitted to being aware of the increased cyber-security risk this imposed on the organisation as a whole, but believed there was nothing they could do about it.
“[it is] a fact of life, there is not much I can do about it” (Anonymous executive, Appriver survey)
Responses also showed that in larger firms there was a higher propensity to believe that employees would use their work devices for online shopping (88% of executives at organisations with 50-149 employees vs 90% of executives at firms with 150-250 employees).
Adding to the gravity of these findings was the fact that nearly half of all surveyed (49%) believed that their employees would not spot an illegitimate link posing as an online retailer in a phishing email.
This lack of confidence was even worse in sectors that deal specifically in sensitive information, such as Financial Services and Insurance (52%) and Healthcare (63%).
[Figure: Executives that lacked confidence their employees could spot a phishing attempt]
Considering that over 90% of data breaches occur as a result of phishing emails, this demonstrates an overarching issue of paramount importance: Employees need training.
Rather than focusing on trying to stop staff from using business-use devices for their own personal shopping (which 65% of respondents admitted they cannot do), executives need to focus instead on educating staff on the dangers of phishing attacks, thereby negating the increase in cyber-risk.
We have created several free tools that organisations can use to gain insights into their employees’ behaviour.
For example, our Free Click-Prone% Test reveals how many of your users would fail to spot a phishing email that could otherwise compromise your business.
With dedicated Security Awareness Training and simulated phishing, our customers have dramatically reduced their Click-Prone% (in some cases by as much as 90%).
As the holiday season approaches and malicious actors increase their attack efforts, the time to train your staff is now.