Fighting Cybercrime Starts With Addressing Employee Cyber Negligence

At a recent conference entitled "Cybersecurity for CFOs," cybersecurity experts shared a number of facts about cyber risks.

Because every employee uses the internet, they create exposure for their organization. Employees cause 53 percent of all data breaches.

Of all breaches, 93 percent involved some form of phishing. Research shows that 78 percent of employees will not click on a phishing email, leaving 22 percent who might.

Crimeware is a new trend in phishing attacks. Now, using crimeware, cybercriminals can create mass spam messages, including phishing emails, from their smartphones.

Small- to medium-size organizations are especially at risk. Cybercriminals target them in more than 50 percent of cyberattacks, and 75 percent of smaller organizations do not have cybersecurity insurance.

Often, hackers will target these organizations in order to access big corporations. They may breach a smaller organization and then wait months for a merger or other opportunity to use their access to target a bigger fish. For example, cybercriminals breached Target, Marriott, Chili's, and Under Armour by hacking their third-party vendors.

Recovering 5,000 records following a data breach can cost nearly $1.1 million. Sixty percent of organizations that are hacked will go out of business. Rebecca J. Barnabi, "Winning the cyber war: Data breaches may be one of the biggest threats of the 21st century" (Apr. 05, 2019).


The above statistics are a sobering wake-up call to any organization to become more stringent about cybersecurity best practices.

Employee negligence is the “Achilles heel” of most cybersecurity plans. Therefore, constant training in the form of reminders, short quizzes, periodic longer training sessions, and weekly examples of the latest cybercriminal methods can keep the issue of data safety in the forefront of employees’ minds. Employees must be supported by management to slow down and be careful with every email. It only takes one employee clicking on a fraudulent link to jeopardize your entire network.

The following signs indicate that an email may be a phishing scam: requests to send personal information over email; a suspicious-looking “From” address; a large number of recipients or an undisclosed recipient list; a suspicious web address when you hover over a link in the email; misspellings or grammar mistakes in the email; a stranger offering to give you money; requests for you to provide money up front for a processing fee or other questionable activities; and claims that important information is included in an attachment.

Unless you are certain and already expect an email with an attachment, verify it before clicking on it. A few extra minutes of caution can avoid an expensive, time-consuming effort to repair the damage of a breach of your organization’s data.
