This article is about the most important asset you have, the one that keeps your business running and thriving—your employees. If you are a sole proprietor, this applies to you as well. So why are the people working at your company the greatest risk?
The well-known saying, “A chain is only as strong as its weakest link,” fits perfectly here. It only takes one vulnerable person for the entire company to be affected. In this article, we will highlight the risks associated with employees and provide a list of possible measures to strengthen those weaker links.
How Do Attacks Happen?
There is one issue that stands out more than others and affects most companies: phishing. Most studies show that around 90–95% of all cyberattacks start with a phishing attack. That may sound unlikely, but as many as 1.2% of all emails sent on the internet are phishing attempts. Luckily, most of these are stopped by the organization's own email protections. However, there is still a significant risk that an email slips through, especially if it is a targeted attack.
A targeted email attack is not designed to reach as many people as possible but is aimed specifically at your company. The email will appear to come from an employee, supplier, or customer. Our own tests show that between 40–65% of recipients click on malicious links during targeted attacks. This figure increases the more sophisticated and creative the attack is.
What Happens When You Click?
If you’re lucky, it may just be an attempt at fraud, such as the attacker sending a fake invoice. These can be difficult to detect and may easily slip through, especially if the amounts are small. But if you’re unlucky, the link or attached file in the email may contain malicious code.
Most of the time, nothing visible happens immediately after clicking. In the background, however, the infected computer has joined what is known as a botnet and is now awaiting instructions from the attacker. Among other things, the attacker can:
- Use the infected computer along with thousands of others to carry out denial-of-service attacks.
- Choose to install ransomware on the device. All data is encrypted, and the victim is forced to pay a ransom to the attacker to unlock the device.
- Go deeper, exploring email contacts, network infrastructure, connections, and more, to infect other devices or prepare for a larger attack.
So, How Do You Protect Yourself?
It is possible to protect yourself to some extent through costly technical solutions, but this is often not a viable option for smaller companies. This is why this type of attack is so common and effective. The only effective solution we see is to completely avoid clicking on links in emails or downloading and opening attachments.
And this is where the weak links come in. How many people in your company can look at an email and determine whether the message about updating a system is real or fake?
Currently, no protection works perfectly for a connected business. What you can do is increase awareness among yourself and your colleagues, for example, through training initiatives. It’s also a good idea to test your organization after such an initiative. With Safestate’s phishing service, you can test your organization free of charge. Contact our support team if you want to learn more.