    Research data: 68% of people can’t identify a phishing website

    NordLayer’s expert analysis reveals the ten most common cybersecurity mistakes employees make. With hybrid work models and working from anywhere still popular, the risks increase, along with potential costs for businesses. A cybersecurity expert from NordLayer shares tips on what businesses can do to avoid these mistakes. 

    Threats are everywhere 

    Organizations aren’t only made up of routers, servers, and networks — there are also people. Sometimes, employee negligence can lead to cyberattacks, because tricking a person is always easier and doesn’t require as much technical knowledge as spoofing an advanced security system, and hackers know it.

    Today, more than 90% of all cyberattacks begin with a phishing email. Phishing is also prevalent on social media. For example, phishing attempts are the second most prominent scam on LinkedIn, as revealed by NordLayer’s study. What is worse, according to cybersecurity company NordVPN, 68% of people can’t identify a phishing website. As for the tools and solutions meant to keep employees and businesses safe, matters could be better: research reveals that more than 70% of companies believe that they wasted 25–100% of their cybersecurity budget.

    What are employees doing?

    The figures above demonstrate how important it is for organizations to pay attention to employees’ online behavior. Carlos Salas, head of engineering at NordLayer, highlights the following most common employee cybersecurity habits that may pose a risk to businesses:

    1. Weak passwords. People tend to prioritize convenience over security, often reusing weak passwords on all of their accounts. The latest research by NordPass demonstrates what the most common passwords are and how often they are being reused.
    2. Keeping business data on personal devices. With company networks expanding rapidly, more employees use unsupervised devices for business purposes, making it harder to ensure the security of sensitive information.
    3. Clicking before thinking. Fast-paced work environments require employees to communicate and act quickly, often leading to them clicking on malicious phishing links — especially if they lack sufficient cybersecurity training.
    4. Leaving work equipment unattended. Doing so can be especially dangerous if a person is working remotely or in a public place because company data can be exposed to strangers.
    5. Not treating cybersecurity responsibly. The most advanced technological solutions are helpless against mistakes caused by the human factor, such as falling victim to social engineering.

    What can companies do to help employees avoid mistakes?

    “Cybersecurity is crucial, and negligence might be costly for businesses. This is why it’s in the best interest of companies to treat employee cyber awareness seriously. One of the most effective ways to do so is to organize regular cybersecurity awareness training,” says Salas. “It’s important to inform employees about every possible threat they can encounter and raise awareness about the shared collective responsibility for the company’s security. Spreading awareness is one step towards a whole new organizational culture.”

    Sigita Jurkynaitė, an information security manager at Nord Security, agrees with Salas and gives the following advice to businesses:

    “The worst takeaway would be to start treating your employees as the weakest link. That’s the opposite of what you should be doing because treating your employees as partners and investing in their cybersecurity awareness can pay back tenfold. However, it shouldn’t be done just to ‘check the box.’ The process should be a continuous one — make it engaging and fun, and avoid resorting to punishments if an employee fails a test.” 
