News and HeadlinesNational PoliticsThe Race

Actions

Biggest cybersecurity risk to U.S. businesses is employee negligence

Posted
and last updated

Living in a world where business revolves around technology, cybersecurity has become a more common issue. Studies show the greatest risk for a data breach is employee negligence.

“Somewhere between 85 and 95 percent of successful attacks on organizations now stem from phishing,” cybersecurity expert Ross Jordan said.

Ross Jordan with High Touch Technologies says phishing is a way for foreign groups or companies to gain private information from a company by targeting the employee usually through email. Scammers have become advanced enough to appear as a person or organization you trust asking for your password or credit card number.

“Phishing is something that’s usually sent out by bots. Literally just blasted out to hundreds if not thousands of emails at a time. And they’re hoping for that one naïve person to follow the link, and when they do, you’re literally opening the doors to the kingdom,” Jordan said.

Employees are often tricked because the email contains a reactionary ask telling somebody they need to share personal information right away.

“They’re taking advantage of our human nature. And when somebody needs your help, and somebody needs an action from you, you want to respond, you want to do something,” Jordan said.

According to Jordan, the best way to prevent these attacks is to train your employees. Commercial General Contractor, Pinkard Construction, is one company leading by example.

Technology Manager Eric Schmeer says models that used to be on paper have now become fully digitized using laser scanners, drones and 360 degree cameras.

“All of these devices, all this information, it’s all computerized, it’s all digital, it’s all connected to the internet. And so when you’re running these multi-million dollar projects and all that information is digital, it’s really, really important to protect it,” Schmeer said.

For that reason, Pinkard Construction takes time to educate its employees on what an attack could look like.

“Teach people just the fundamentals about how to analyze an email, and determine whether it looks phishy or not. And what to do when they’re not sure about links and whether they should click them, and how to figure out where they go,” Schmeer said.

The company also fosters an environment where employees are encouraged to come forward with questions.

“Nobody is ever hesitant to forward an entire technology team here and say ‘Hey is this legitimate? Can I click this link? What’s gonna happen here?’”

Knowing you could be just one click away from killing your company, it’s always OK to ask for help.

“Just ask. It’s very simple. We’ll be glad to help out,” Jordan said.