You have great employees. But, when it comes to cybersecurity breaches, they are your greatest vulnerability. You may not realize it, but 90% of incidents are the result of human error.
It’s not a matter of “if” your employees’ emails might become the subject of a cybersecurity threat; it’s “when.” Phishing attacks are entirely preventable, but they can be incredibly difficult to identify. As hackers adopt more sophisticated methodologies, it is increasingly important to provide sophisticated and continual training that keeps them from wreaking havoc on your company’s IT infrastructure and customer data.
Straight from the headlines, we at KLH want to share two case studies of breaches that stemmed from an employee email. Then we share a key strategy for being more proactive against cyberattacks.
Case Study 1
Organization: People Inc.
Threat Type: Employee email account breach
The target of this breach was New York’s largest nonprofit organization providing services for seniors, families and individuals with developmental disabilities. A compromised email account gave hackers access to an extensive amount of client and patient information. Security officials believe that a brute force attack exploited a weak employee password, and a simple password reset secured the account. However, it was later discovered that the company knew of the breach as early as February, making their recent acknowledgement of the incident especially alarming.
Consequences: Names, addresses, social security numbers, financial data, medical information, health insurance information and government IDs were all accessible to hackers. This information can quickly spread on the Dark Web. Clients and patients now must be vigilant about acquiring identity and credit monitoring services as a precaution against credential misuse.
Case Study 2
Organization: Nova Scotia Health Authority
Threat Type: Phishing Attack
When an employee entered his credentials into an email purporting to be from the company’s information technology department, hackers gained access to sensitive patient information stored in the employee’s email account. Although the breach was first reported on May 13, the organization required nearly a month to determine the type and scope of the compromised data. The slow response time and weak protocols will make the cleanup costly, as the company must re-establish patient trust even as they upgrade cybersecurity practices.
The breach specifically pertains to patients who were scheduled for surgery or were communicating with the Colchester East Hants Health Centre in Truro. Since the organization can’t verify specific data exposure, those impacted by the breach should prepare for the worst and assume that their information could be made accessible on the Dark Web.
Hire KLH for Ongoing Employee Cyber Training
Employee training also needs to reflect the evolving nature of today’s attacks.
At KLH we can simulate phishing attacks and conduct security awareness training campaigns, helping employees identify the signs of a scam in a rapidly changing threat environment.
Want to learn more about how to better protect your business from security threats? Read our blog, “Here’s how KLH protects your businesses – How secure are you?”
Schedule your next employee training session today. Click here to get started.