What’s the biggest detriment to your organization’s data?

What’s the biggest detriment to your organization’s data?

It’s not what you think.

Everybody knows about the threat that hackers present to your data. But it's your employees that present the bigger risk by unknowingly granting hackers access to your organization. In Intermedia's 2017 Data Vulnerability Report, we surveyed 1,000+ full-time office workers at companies of all sizes to find out how workplace behaviors are impacting data security.

The reality is office workers are lax on adhering to
security best practices, and it’s having financial ramifications on organizations of all sizes.

While 70% of employees say that their company provides regular cyber security risk training, the reality is office workers are lax at adhering to security best practices. Education efforts don't extend far enough. The number of phishing scams is higher than ever, and office workers aren't being properly trained to circumvent this exponential risk. As a result, a false sense of employee confidence is having financial ramifications on organizations of all sizes.

We'll be releasing findings as part of an ongoing three-part series, looking at the impact and outcome these habits have regarding email breaches and threats, ransomware, and data loss, and what you should do about it.

Email Breaches and Threats

Vulnerability and Victims
Vulnerability and Victims
Vulnerability and Victims

PHISHING, THE PROCESS BY WHICH CYBER CRIMINALS ATTEMPT TO COERCE EMAIL VICTIMS INTO MAKING A FINANCIAL TRANSACTION, DISCLOSING LOGIN CREDENTIALS OR VISITING A MALWARE-LADEN WEBSITE, IS ONLY GETTING WORSE

Vulnerability and Victims

ACCORDING TO THE FBI, BUSINESS-EMAIL COMPROMISE SCAMS ACCOUNTED FOR MORE THAN $5 BILLION IN LOSSES BETWEEN OCTOBER 2013 AND DECEMBER 2016

Research reveals a false sense of confidence among office workers with phishing scams still on the rise

EXPRESS BEING CONFIDENT IN THEIR ABILITY TO DETECT A PHISHING EMAIL
Employees need constant 24/7 access to emails OFFICE WORKERS HAVE BEEN VICTIMS OF A PHISHING EMAIL

EXPRESS BEING CONFIDENT IN THEIR ABILITY TO DETECT A PHISHING EMAIL

14%

One in seven survey respondents are not confident in their ability to detect a phishing email or they do not know what phishing is

21%

Roughly one in five office workers have been a victim of a phishing email

OF OFFICE WORKERS HAVE BEEN VICTIMS OF A PHISHING EMAIL

OF OFFICE WORKERS HAVE BEEN VICTIMS OF A
PHISHING EMAIL

Phishing, It's Not Just for Entry-Level Employees

REPORT THEY HAVE BEEN THE VICTIM OF A PHISHING EMAIL
MORE TIMES THAN OTHER GROUPS OF KNOWLEDGE WORKERS line
REPORT THEY HAVE BEEN THE VICTIM OF A PHISHING EMAIL
MORE TIMES THAN OTHER GROUPS OF KNOWLEDGE WORKERS

REPORT THEY HAVE BEEN THE VICTIM OF A PHISHING EMAIL, MORE THAN OTHER GROUPS OF KNOWLEDGE WORKERS

REPORT THEY HAVE BEEN THE VICTIM OF A
PHISHING EMAIL, MORE THAN OTHER GROUPS
OF KNOWLEDGE WORKERS line
>Ryan Barrett

Ryan Barrett,VP of Security and Privacy, Intermedia

  idea

It’s no longer effective to just talk 'at' employees about cyber threats. Companies need to offer regular interactive IT security training events to show employees what real attacks look like, and how to react to them. For example, at Intermedia we do a Hacktober event every October where we simulate 'live' security incidents to help employees detect and prevent cyber-attacks in a fun and interactive way.

line

While the number of attacks has dramatically increased in the past two years, employee training has not

ORGANIZATIONS REGULARLY COMMUNICATE AND TRAIN EMPLOYEES ABOUT CYBER THREATS AS A MEANS OF PREVENTION line
ORGANIZATIONS REGULARLY COMMUNICATE AND TRAIN EMPLOYEES ABOUT CYBER THREATS AS A MEANS OF PREVENTIO

What companies deem to be “regular” communication

ACCORDING TO INTERMEDIA’S 2016 IT CONFIDENCE INDEX SURVEYED IT PROFESSIONALS SAID

What companies deem to be regular communication
What companies deem to be regular communication
   
WHY ARE EMPLOYEES STILL TAKING THESE RISKS AND WHAT SHOULD COMPANIES BE DOING TO PREVENT IT?
Ryan Barrett

Ryan Barrett,VP of Security and Privacy, Intermedia

 

When it comes to devising trainings, companies need to think outside of the box. How do you track effectiveness? For example, we’ve even simulated a phishing attack among our own employees because we’ve found that the percentage of employees that fall victim to these self-imposed exercises goes down dramatically with each internal attempt. Interactive phishing campaigns allow employers to safely educate employees without risking the loss of valuable data.

HOW CAN CHANNEL PARTNERS HELP THEIR CUSTOMERS CIRCUMVENT THESE RISKS?
Eric Martorano

Eric Martorano,Chief Revenue Officer, Intermedia

 

Offering frequent interactive trainings might be achievable for larger companies, but it can be challenging for smaller organizations. SMBs are frequently limited by technical and/or financial resources to protect their data effectively, making them a prime target for cyberattacks. For MSPs, providing comprehensive security training in tandem with layered security solutions presents a prime opportunity to deliver additional value in a much-needed area.

Now what should you do?
Now what should you do?

As phishing evolves, we can expect office workers to continue falling victim to these scams, exposing their organizations' data to hackers and cybercriminals. To that end, companies need to ensure their education efforts include quarterly interactive trainings in tandem with layered security solutions. Ensuring employees, customers, and partners alike are familiar with the changing threat landscape will help mitigate the false sense of confidence that office workers have around detecting phishing scams and other cyberattacks.

Check out these resources below for further information on preventing phishing attacks, and to sign up to receive Parts 2 and 3.

About Intermedia

Intermedia integrates the essential IT applications that companies need to do business, including email, voice, backup and file sharing, productivity, identity and access management, security and archiving – all delivered by a single provider and integrated into one control panel. Intermedia services offer enterprise-grade security, a 99.999% uptime service level agreement and J.D. Power-certified 24/7 support. For more information, visit Intermedia.net or connect with us on Twitter, Facebook or LinkedIn.

Survey Methodology

This study was commissioned by Intermedia and delivered by Precision Sample®, an independent market research organization. Precision Sample has an active proprietary panel of over 3.5M respondents that is routinely validated with a stringent screening process including Verity® and RelevantID by Imperium®. Results derived from an 11-minute online survey instrument with 45 total questions, fielded June 1-5, 2017. Setup questions were used to ensure that only U.S. knowledge workers were in the sample, which was defined as those who routinely work in an office environment. Overall margin of error of +/- 2.95% at a 95% confidence interval.

All trademarks, registered trademarks, service marks, trade names and product names appearing herein are the property of their respective owners.

Chat with an Expert
x

Hello.
Can one of our solutions specialist answer any questions for you?

Become a Partner