Employee End-User

The most dangerous cyber threat to a business is their employees. For example, in 2019 Capitol One suffered a breach exposing the personal data of over 100 million people. Amazon hosted the Capitol One database via their Amazon Web Services program, and unfortunately was the employer of the person responsible for the breach. Paige Thompson, the former Amazon employee, stole over 140,000 Social Security numbers and 80,000 account numbers during the breach. The affected information included Capitol One credit card applicants from 2005 through 2019. Losses are projected in excess of $150 million for this breach.

End-user education addresses the most vulnerable access point to a cyber security program, the user. Employees are completely unpredictable and just as Amazon could not predict the actions of Paige Thompson, no small business owner can completely predict the actions of all employees. Although malicious and intentional breaches performed by employees cannot be predicted, we can offer education and information to avoid accidental breaches. Teaching users to delete suspicious email attachments, not plug in unidentified USB drives, alert management when a payment has been requested from an unknown entity, report all suspicious or repeating invoices and various other important lessons are vital for the security of any organization.

It seems cybercriminals have always been aware of the vulnerability that lies within the employee base. They have continuously utilized this source to attack many businesses, large and small. Unfortunately, they are most often successful when utilizing this weak point. As their attacks become more sophisticated and deceptive, end-user education becomes more necessary.

Many employers are aware of the most common threat malware, or malicious software which is commonly introduced to a cyber network through a phishing scam, when cybercriminals target the victim’s emails with an email that appears to be from a legitimate company. Typically, these emails request sensitive information and often are used to trick users into handing over credit card data and other personal information. Although phishing scams are most common, there are many other ways that cybercriminals can use your employees to introduce malware to your cyber network. It is best that we educate our users on each type of malware to aid them in identifying any attempts they may encounter. Here is a list of other common types of malware. As we progress, we will define these more in-depth.

Common Types of Malware

Virus – A self-replicating program which attaches itself to clean files and spreads throughout a computer system. Its purpose is to infect pertinent files with malicious code.

Trojans – A type of malware disguised as legitimate software for uploading, used by cybercriminals to cause damage or collect data.

Spyware – A program that secretly records user activity and is commonly used to obtain credit card information from employees often taking payments.

Ransomware – Cybercriminals lockdown a user’s files and data, threatening to erase it unless a ransom is paid.

Adware – Advertising software used to spread malware through various ads, also known as “pop-ups”.  

Botnets – Multiple networks of malware infected computers are used to perform online tasks without the user’s knowledge or consent.